build(deps): bump the github-actions group across 1 directory with 4 updates by dependabot[bot] · Pull Request #741 · canonical/microcluster

dependabot · 2026-05-28T12:31:31Z

Bumps the github-actions group with 4 updates in the / directory: aquasecurity/trivy-action, actions/dependency-review-action, tiobe/tics-github-action and zizmorcore/zizmor-action.

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

chore(ci): update bump-trivy workflow by @DmitriyLewen in aquasecurity/trivy-action#546

ci: use action.yaml as single source of truth for Trivy version by @nikpivkin in aquasecurity/trivy-action#552

ci: replace peter-evans/create-pull-request with gh CLI by @nikpivkin in aquasecurity/trivy-action#550

test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @nikpivkin in aquasecurity/trivy-action#555

ci: add dependabot config by @nikpivkin in aquasecurity/trivy-action#556

chore: add zizmor config by @nikpivkin in aquasecurity/trivy-action#557

chore(deps): bump the actions group with 5 updates by @dependabot[bot] in aquasecurity/trivy-action#558

fix: use portable shebang in entrypoint.sh by @Hayao0819 in aquasecurity/trivy-action#545

Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @patrik-csak in aquasecurity/trivy-action#547

Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @Aditya09-cse in aquasecurity/trivy-action#548

chore: use GitHub Actions as git commit author in bump-trivy workflow by @nikpivkin in aquasecurity/trivy-action#561

chore(deps): Update trivy to v0.70.0 by @Argon-DevOps-Mgt in aquasecurity/trivy-action#559

chore: update action version to v0.36.0 in examples by @nikpivkin in aquasecurity/trivy-action#563

New Contributors

@dependabot[bot] made their first contribution in aquasecurity/trivy-action#558

@Hayao0819 made their first contribution in aquasecurity/trivy-action#545

@patrik-csak made their first contribution in aquasecurity/trivy-action#547

@Aditya09-cse made their first contribution in aquasecurity/trivy-action#548

@Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits

ed142fd chore: update action version to v0.36.0 in examples (#563)
dea62cf chore(deps): Update trivy to v0.70.0 (#559)
128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
4a2deec fix: use portable shebang in entrypoint.sh (#545)
1994662 chore(deps): bump the actions group with 5 updates (#558)
6b36659 chore: add zizmor config (#557)
316aa5a ci: add dependabot config (#556)
264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.9.0 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

Add .github/copilot-instructions.md for Copilot coding agent by @ahpook in actions/dependency-review-action#1067

Update Node.js runtime from 20 to 24 by @scottschreckengaust in actions/dependency-review-action#1084

Bump spdx-license-ids from 3.0.20 to 3.0.23 by @mongolyy in actions/dependency-review-action#1091

docs: bump actions/checkout from v4 to v6 in workflow examples by @Marukome0743 in actions/dependency-review-action#1077

fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by @tspascoal in actions/dependency-review-action#1076

Resolve security findings by @AshelyTC in actions/dependency-review-action#1094

v5.0.0 release branch by @ahpook in actions/dependency-review-action#1098

New Contributors

@scottschreckengaust made their first contribution in actions/dependency-review-action#1084

@mongolyy made their first contribution in actions/dependency-review-action#1091

@Marukome0743 made their first contribution in actions/dependency-review-action#1077

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Commits

a1d282b Merge pull request #1098 from actions/ahpook/v5-release
eb6c199 update examples to show @v5
3943c2c v5.0.0 release branch
454943c Merge pull request #1094 from actions/ashelytc/security-findings
6d92a12 revert @typescript-eslint/parser update
a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
b6b7079 update @typescript-eslint/parser to 8.40.0
821a21d update more dependencies
05aaaae run npm audit fix
55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
Additional commits viewable in compare view

Updates tiobe/tics-github-action from 3.9.1 to 3.10.0

Release notes

Sourced from tiobe/tics-github-action's releases.

v3.10.0

What's Changed

Features

RM-38009: Using the repository name if no project is specified when running qserver mode by @janssen-tiobe in tiobe/tics-github-action#519

RM-37714: Removed CLI summary that was posted at the end of a run. by @janssen-tiobe in tiobe/tics-github-action#520

Full Changelog: tiobe/tics-github-action@v3.9.0...v3.10.0

Commits

016a4d7 Build dist after push to main
2802e44 RM-37714: Removed CLI summary that was posted at the end of a run. (#520)
82bd3f7 Build dist after push to main
61be742 RM-38009: Using the repository name if no project is specified when running q...
See full diff in compare view

Updates zizmorcore/zizmor-action from 0.5.2 to 0.5.6

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.6

1.25.2 is now available via the action

1.25.2 is now the default version of zizmor used by the action

v0.5.5

This is a no-op release.

v0.5.4

1.25.0 is now available via the action

1.25.0 is now the default version of zizmor used by the action

v0.5.3

What's Changed

1.24.0 and 1.24.1 are now available via the action

1.24.1 is now the default version of zizmor used by the action

Full Changelog: zizmorcore/zizmor-action@v0.5.2...v0.5.3

Commits

5f14fd0 Sync zizmor versions (#114)
a16621b Bump pins in README (#112)
1c03e04 chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the github-ac...
b572f7b Sync zizmor versions (#111)
06928c5 chore(deps): bump github/codeql-action in the github-actions group (#109)
5ea8b96 docs: Update link to GitHub docs (#108)
849ac26 chore(deps): bump the github-actions group with 2 updates (#106)
814f977 Bump pins in README (#103)
b1d7e1f Sync zizmor versions (#102)
a195b57 Sync zizmor versions (#100)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates Bumps the github-actions group with 4 updates in the / directory: [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action), [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [tiobe/tics-github-action](https://github.com/tiobe/tics-github-action) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@57a97c7...ed142fd) Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@2031cfc...a1d282b) Updates `tiobe/tics-github-action` from 3.9.1 to 3.10.0 - [Release notes](https://github.com/tiobe/tics-github-action/releases) - [Commits](tiobe/tics-github-action@3300ccc...016a4d7) Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.6 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](zizmorcore/zizmor-action@71321a2...5f14fd0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: tiobe/tics-github-action dependency-version: 3.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 28, 2026

markylaing approved these changes May 28, 2026

View reviewed changes

markylaing merged commit a9bb238 into v2 May 28, 2026
10 checks passed

dependabot Bot deleted the dependabot/github_actions/v2/github-actions-53b9ce47fe branch May 28, 2026 12:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the github-actions group across 1 directory with 4 updates#741

build(deps): bump the github-actions group across 1 directory with 4 updates#741
markylaing merged 1 commit into
v2from
dependabot/github_actions/v2/github-actions-53b9ce47fe

dependabot Bot commented on behalf of github May 28, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 28, 2026

v0.36.0

What's Changed

New Contributors

5.0.0

What's Changed

New Contributors

v3.10.0

What's Changed

Features

v0.5.6

v0.5.5

v0.5.4

v0.5.3

What's Changed

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant