From b59b71b93d6d882b1a56888d1f62b679f4967be1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Mar 2026 12:24:08 +0000 Subject: [PATCH 1/2] fix(bot): bump the dependencies group across 1 directory with 7 updates Bumps the dependencies group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `6` | `7` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `SonarSource/sonarqube-scan-action` from 6 to 7 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](https://github.com/sonarsource/sonarqube-scan-action/compare/v6...v7) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) Updates 
`docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) Updates `actions/download-artifact` from 4 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: SonarSource/sonarqube-scan-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ci-standard-checks-workflow.yaml | 2 +- .github/workflows/create-github-release.yaml | 2 +- .github/workflows/deep-purple-checks.yml | 2 +- .github/workflows/frontend-deploy-workflow.yml | 14 +++++++------- .../frontend-library-pr-release-workflow.yml | 4 ++-- .github/workflows/frontend-pr-workflow.yml | 14 +++++++------- .github/workflows/go-lint-workflow.yaml | 4 ++-- .../graphql-generate-persisted-operations.yml | 2 +- .github/workflows/image-multiarch.yaml | 10 +++++----- .github/workflows/plantuml.yml | 2 +- .github/workflows/release.yaml | 2 +- .github/workflows/sonarcloud-scan.yml | 6 +++--- 12 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/ci-standard-checks-workflow.yaml b/.github/workflows/ci-standard-checks-workflow.yaml index b84a21c8..281d9da1 100644 --- a/.github/workflows/ci-standard-checks-workflow.yaml +++ b/.github/workflows/ci-standard-checks-workflow.yaml @@ -24,7 +24,7 @@ jobs: runs-on: 'ubuntu-latest' steps: - name: Check Out Source Code - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 - uses: actions/setup-node@v6 diff --git a/.github/workflows/create-github-release.yaml b/.github/workflows/create-github-release.yaml index 5937a8ec..0061b8d1 100644 --- a/.github/workflows/create-github-release.yaml +++ b/.github/workflows/create-github-release.yaml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - uses: go-semantic-release/action@v1 with: diff --git a/.github/workflows/deep-purple-checks.yml b/.github/workflows/deep-purple-checks.yml index 707eb677..81df0a3e 100644 --- a/.github/workflows/deep-purple-checks.yml +++ b/.github/workflows/deep-purple-checks.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Verify Jenkins credentials continue-on-error: false 
diff --git a/.github/workflows/frontend-deploy-workflow.yml b/.github/workflows/frontend-deploy-workflow.yml index 3586cf1a..947542a9 100644 --- a/.github/workflows/frontend-deploy-workflow.yml +++ b/.github/workflows/frontend-deploy-workflow.yml @@ -299,7 +299,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -347,7 +347,7 @@ jobs: echo "📋 Workflow version: ${{ env.WORKFLOW_VERSION }} (${{ env.WORKFLOW_FILE }})" - name: Upload build artifacts - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: build-${{ github.run_id }} path: ${{ inputs.build-artifact-path || inputs.build-output-dir }} @@ -363,7 +363,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Required for SonarCloud @@ -397,7 +397,7 @@ jobs: - name: Upload coverage if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: coverage-${{ github.run_id }} path: coverage/ @@ -413,7 +413,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -460,7 +460,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: integration-test-results-${{ github.run_id }} path: playwright-report/ @@ -565,7 +565,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: token: ${{ secrets.GH_TOKEN }} fetch-depth: 0 diff --git a/.github/workflows/frontend-library-pr-release-workflow.yml b/.github/workflows/frontend-library-pr-release-workflow.yml index 3dca3c4b..afd39962 100644 --- a/.github/workflows/frontend-library-pr-release-workflow.yml 
+++ b/.github/workflows/frontend-library-pr-release-workflow.yml @@ -82,7 +82,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Required for SonarCloud and semantic-release @@ -113,7 +113,7 @@ jobs: - name: SonarCloud Scan if: inputs.run-sonarcloud - uses: SonarSource/sonarqube-scan-action@v6 + uses: SonarSource/sonarqube-scan-action@v7 with: args: > -Dsonar.projectKey=${{ inputs.sonar-project-key != '' && inputs.sonar-project-key || format('{0}_{1}', github.repository_owner, github.event.repository.name) }} diff --git a/.github/workflows/frontend-pr-workflow.yml b/.github/workflows/frontend-pr-workflow.yml index e030d837..fafc484b 100644 --- a/.github/workflows/frontend-pr-workflow.yml +++ b/.github/workflows/frontend-pr-workflow.yml @@ -301,7 +301,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -359,7 +359,7 @@ jobs: - name: Upload build artifacts if: ${{ !env.ACT }} - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: build-${{ github.run_id }} path: ${{ inputs.build-artifact-path || inputs.build-output-dir }} @@ -375,7 +375,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 @@ -407,7 +407,7 @@ jobs: - name: Upload coverage if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: coverage-${{ github.run_id }} path: coverage/ @@ -423,7 +423,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 
@@ -470,7 +470,7 @@ jobs: - name: Upload test results if: always() - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: integration-test-results-${{ github.run_id }} path: playwright-report/ @@ -489,7 +489,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup Node with Cache uses: Typeform/.github/shared-actions/setup-node-with-cache@v1 diff --git a/.github/workflows/go-lint-workflow.yaml b/.github/workflows/go-lint-workflow.yaml index c73251b9..8744c6e2 100644 --- a/.github/workflows/go-lint-workflow.yaml +++ b/.github/workflows/go-lint-workflow.yaml @@ -54,10 +54,10 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Check out repository containing linter config - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: ${{ inputs.golangci-lint-config-repo }} ref: ${{ inputs.golangci-lint-config-repo-ref }} diff --git a/.github/workflows/graphql-generate-persisted-operations.yml b/.github/workflows/graphql-generate-persisted-operations.yml index 678e4afa..2f13e248 100644 --- a/.github/workflows/graphql-generate-persisted-operations.yml +++ b/.github/workflows/graphql-generate-persisted-operations.yml @@ -25,7 +25,7 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/image-multiarch.yaml b/.github/workflows/image-multiarch.yaml index be2a074b..11fa9658 100644 --- a/.github/workflows/image-multiarch.yaml +++ b/.github/workflows/image-multiarch.yaml 
@@ -59,16 +59,16 @@ jobs: runs-on: [ "${{ inputs.runner }}" ] steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up QEMU if: ${{ contains(inputs.platforms, ',') }} - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@v4 with: image: 567716553783.dkr.ecr.us-east-1.amazonaws.com/docker-hub/tonistiigi/binfmt:latest - name: Set up Docker context for Buildx run: docker context create builders - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: endpoint: builders - name: Set dev prefix on tag @@ -78,7 +78,7 @@ jobs: if: ${{ inputs.prefix != '' }} run: echo "VERSION_PREFIX=$(echo ${{inputs.prefix}}-$VERSION_PREFIX)" >> $GITHUB_ENV - name: Build and push images - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: build-args: ${{ inputs.build-args }} context: ${{ inputs.context }} @@ -95,7 +95,7 @@ jobs: run: echo "VERSION_LATEST=$(echo ${{inputs.prefix}}-$VERSION_LATEST)" >> $GITHUB_ENV - name: Push latest image if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: build-args: ${{ inputs.build-args }} context: ${{ inputs.context }} diff --git a/.github/workflows/plantuml.yml b/.github/workflows/plantuml.yml index 3e58022a..748e198a 100644 --- a/.github/workflows/plantuml.yml +++ b/.github/workflows/plantuml.yml @@ -19,7 +19,7 @@ jobs: runs-on: ubuntu-latest if: ${{ github.actor != 'dependabot[bot]' }} steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: # Checkout the Pull Request branch, so that we are not in a detached head state. # and can push the re-generated diagrams to the HEAD of the same branch. diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 23169e0b..d44f4b1d 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
@@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Update major version tag run: | git config --global user.email "security@typeform.com" diff --git a/.github/workflows/sonarcloud-scan.yml b/.github/workflows/sonarcloud-scan.yml index 0f814f94..b23abde0 100644 --- a/.github/workflows/sonarcloud-scan.yml +++ b/.github/workflows/sonarcloud-scan.yml @@ -62,7 +62,7 @@ jobs: steps: - name: Check out Git repository - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 # Required for SonarCloud to analyze git history @@ -77,14 +77,14 @@ jobs: - name: Download coverage artifacts if: inputs.coverage-artifact-name != '' - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: ${{ inputs.coverage-artifact-name }} path: coverage/ continue-on-error: true - name: SonarCloud Scan - uses: SonarSource/sonarqube-scan-action@v6 + uses: SonarSource/sonarqube-scan-action@v7 with: args: > -Dsonar.projectVersion=${{ github.run_id }} From fe34333421db972fa956bde91cf669d123d9995a Mon Sep 17 00:00:00 2001 From: Philipp Langer Date: Wed, 25 Mar 2026 09:18:15 +0100 Subject: [PATCH 2/2] wider range dependabot --- .github/dependabot.yml | 74 +++++++++++++++++++++++++++++++++++------- 1 file changed, 63 insertions(+), 11 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index fb73d0f3..23d9f56b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -1,14 +1,66 @@ version: 2 +registries: + ecr-docker: + type: docker-registry + url: https://567716553783.dkr.ecr.us-east-1.amazonaws.com + username: ${{secrets.ECR_AWS_ACCESS_KEY_ID}} + password: ${{secrets.ECR_AWS_SECRET_ACCESS_KEY}} + npm-github: + type: npm-registry + url: https://npm.pkg.github.com + token: ${{ secrets.GH_TOKEN }} + git-github: + type: git + url: https://github.com + username: x-access-token + password: '${{ secrets.GH_TOKEN }}' + updates: -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: weekly - day: sunday - groups: - dependencies: - patterns: - - "*" - commit-message: - prefix: fix(bot) + - package-ecosystem: npm + schedule: + interval: weekly + day: sunday + groups: + dependencies: + patterns: + - "*" + directories: + - "/" + commit-message: + prefix: fix(dependabot) + registries: + - npm-github + - git-github + + - package-ecosystem: github-actions + schedule: + interval: weekly + day: sunday + groups: + dependencies: + patterns: + - "*" + # recursively check in all subdirectories, there are actions + # references that are not within the .github/ or other root folders + directories: + - "/" + commit-message: + prefix: fix(dependabot) + registries: + - git-github + + - package-ecosystem: docker + schedule: + interval: weekly + day: sunday + groups: + dependencies: + patterns: + - "*" + directories: + - "/" + commit-message: + prefix: fix(dependabot) + registries: + - ecr-docker
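Review bot: The comment added in the `github-actions` entry promises to "recursively check in all subdirectories", but the `directories` list under it (and under the `npm` and `docker` entries) contains only `- "/"`, which as far as I know is not recursive; for `github-actions` it covers `.github/workflows` and a root `action.yml` only. To reach action references, package manifests or Dockerfiles elsewhere, add glob entries next to it, e.g. `- "/<dir-with-actions>/*"` (placeholder path; `directories` accepts `*` and `**` patterns). Separately, `git-github` and `npm-github` both reuse `secrets.GH_TOKEN`, and `ecr-docker` authenticates with a static AWS access key pair. Dependabot only needs to read from these registries, so each should be a dedicated read-only credential held in the Dependabot secret store; the scope of the current ones is not visible in this patch and should be confirmed.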