From 4e35d8a2ff54a1d92f0e1c76887da863867f8dd7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 10 Jun 2024 21:59:17 +0000
Subject: [PATCH] update: bump the gh-actions-packages group across 1 directory
 with 5 updates

Bumps the gh-actions-packages group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.6` | `3.25.8` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.2` | `4.3.3` |
| [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2762.0` | `12.2777.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `5.3.0` | `5.4.0` |
| [mikepenz/action-junit-report](https://github.com/mikepenz/action-junit-report) | `4.2.1` | `4.2.2` |



Updates `github/codeql-action` from 3.25.6 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff)

Updates `actions/dependency-review-action` from 4.3.2 to 4.3.3
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](https://github.com/actions/dependency-review-action/compare/0c155c5e8556a497adf53f2c18edabf945ed8e70...72eb03d02c7872a771aacd928f3123ac62ad6d3a)

Updates `bridgecrewio/checkov-action` from 12.2762.0 to 12.2777.0
- [Release notes](https://github.com/bridgecrewio/checkov-action/releases)
- [Commits](https://github.com/bridgecrewio/checkov-action/compare/cbef505ba3282486a24541d7c862e19266ad0d96...d5cf7815e6ec033e990dc1d66c346983339a912b)

Updates `docker/build-push-action` from 5.3.0 to 5.4.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/2cdde995de11925a030ce8070c3d77a52ffcf1c0...ca052bb54ab0790a636c9b5f226502c73d547a25)

Updates `mikepenz/action-junit-report` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/mikepenz/action-junit-report/releases)
- [Commits](https://github.com/mikepenz/action-junit-report/compare/9379f0ccddcab154835d4e2487555ee79614fe95...ac30be7acb0a361e5492575ab42e47fcadec4928)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
- dependency-name: bridgecrewio/checkov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions-packages
- dependency-name: mikepenz/action-junit-report
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/.reusable-compliance.yml |  4 ++--
 .github/workflows/.reusable-sast.yml       | 18 +++++++++---------
 .github/workflows/.reusable-unit-test.yml  |  4 ++--
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/.reusable-compliance.yml b/.github/workflows/.reusable-compliance.yml
index 7f575c0..0ef3c22 100644
--- a/.github/workflows/.reusable-compliance.yml
+++ b/.github/workflows/.reusable-compliance.yml
@@ -33,7 +33,7 @@ jobs:
           repo_token: ${{ secrets.SCORECARD_TOKEN }}
           publish_results: false  #TODO: reactivate when working again
       - name: Upload
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: results.sarif
 
@@ -51,7 +51,7 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
       - name: Review
-        uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # v4.3.2
+        uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3
         with:
           comment-summary-in-pr: always
 
diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml
index d1cb5b9..3dd9ee0 100644
--- a/.github/workflows/.reusable-sast.yml
+++ b/.github/workflows/.reusable-sast.yml
@@ -48,7 +48,7 @@ jobs:
         run: bandit -r -f sarif -o bandit-results.sarif semgr8s/ --exit-zero
       - name: Upload
         if: inputs.output == 'sarif'
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: 'bandit-results.sarif'
 
@@ -99,14 +99,14 @@ jobs:
         shell: bash
       - name: Scan
         if: inputs.output == 'table'
-        uses: bridgecrewio/checkov-action@cbef505ba3282486a24541d7c862e19266ad0d96 # v12.2762.0
+        uses: bridgecrewio/checkov-action@d5cf7815e6ec033e990dc1d66c346983339a912b # v12.2777.0
         with:
           skip_check: CKV_DOCKER_2
           output_format: cli
           soft_fail: false
       - name: Scan
         if: inputs.output == 'sarif'
-        uses: bridgecrewio/checkov-action@cbef505ba3282486a24541d7c862e19266ad0d96 # v12.2762.0
+        uses: bridgecrewio/checkov-action@d5cf7815e6ec033e990dc1d66c346983339a912b # v12.2777.0
         with:
           skip_check: CKV_DOCKER_2
           output_file_path: console,checkov-results.sarif
@@ -114,7 +114,7 @@ jobs:
           soft_fail: true
       - name: Upload
         if: inputs.output == 'sarif'
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           sarif_file: checkov-results.sarif
 
@@ -131,11 +131,11 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+      uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
       with:
         languages: 'python'
     - name: Analyze
-      uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+      uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
 
   hadolint:
     runs-on: ubuntu-latest
@@ -164,7 +164,7 @@ jobs:
           no-fail: true
           output-file: hadolint-results.sarif
       - name: Upload
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: inputs.output == 'sarif'
         with:
           sarif_file: 'hadolint-results.sarif'
@@ -197,7 +197,7 @@ jobs:
           format: sarif
           output-file: kubelinter-results.sarif
       - name: Upload
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: inputs.output == 'sarif'
         with:
           sarif_file: 'kubelinter-results.sarif'
@@ -249,7 +249,7 @@ jobs:
         if: inputs.output == 'sarif'
         run: semgrep ci --config=auto --suppress-errors --sarif --output=semgrep-results.sarif || exit 0
       - name: Upload
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: inputs.output == 'sarif'
         with:
           sarif_file: semgrep-results.sarif
diff --git a/.github/workflows/.reusable-unit-test.yml b/.github/workflows/.reusable-unit-test.yml
index bf37903..57e3ac3 100644
--- a/.github/workflows/.reusable-unit-test.yml
+++ b/.github/workflows/.reusable-unit-test.yml
@@ -23,7 +23,7 @@ jobs:
       - name: Set up Docker buildx
         uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
       - name: Build test image
-        uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+        uses: docker/build-push-action@ca052bb54ab0790a636c9b5f226502c73d547a25 # v5.4.0
         with:
           push: false
           load: true
@@ -46,7 +46,7 @@ jobs:
           pytest-coverage-path: tests/pytest-coverage.txt
           junitxml-path: tests/pytest.xml
       - name: Publish Test Report
-        uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1
+        uses: mikepenz/action-junit-report@ac30be7acb0a361e5492575ab42e47fcadec4928 # v4.2.2
         if: success() || failure() # always run even if the previous step fails
         with:
           report_paths: 'tests/pytest.xml'