Skip to content

chore(deps): bump the actions group with 4 updates#123

Merged
poiana merged 1 commit into
mainfrom
dependabot/github_actions/actions-2f211efb6a
Feb 5, 2026
Merged

chore(deps): bump the actions group with 4 updates#123
poiana merged 1 commit into
mainfrom
dependabot/github_actions/actions-2f211efb6a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Feb 3, 2026

Bumps the actions group with 4 updates: helm/kind-action, slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml, slsa-framework/slsa-verifier and slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml.

Updates helm/kind-action from 1.8.0 to 1.13.0

Release notes

Sourced from helm/kind-action's releases.

v1.13.0

What's Changed

New Contributors

Full Changelog: helm/kind-action@v1...v1.13.0

v1.12.0

What's Changed

New Contributors

Full Changelog: helm/kind-action@v1.11.0...v1.12.0

v1.11.0

What's Changed

New Contributors

Full Changelog: helm/kind-action@v1.10.0...v1.11.0

v1.10.0

Requirements

We changed to use wget instead of curl

What's Changed

... (truncated)

Commits
  • 92086f6 bump kind and kubectl and also nodejs (#150)
  • 7cd7463 bug: respect 'install_only' action input value (#147)
  • 50ea670 Bump actions/checkout from 4.2.2 to 5.0.0 (#145)
  • b72c923 chore: bump kind to v0.29.0 (#144)
  • d4887be Add cloud provider (#135)
  • d730aaf Load GITHUB_PATH in PATH to use correct binaries when creating registry (#133)
  • a6dfd81 chore: verify sha256sum of kubectl (#134)
  • a1b0e39 Bump actions/checkout from 4.1.4 to 4.2.2 in the actions group (#130)
  • 9315f6b feat: options to configure local registry (#113)
  • aed9fb9 update kind to use release v0.26.0 (#129)
  • Additional commits viewable in compare view

Updates slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from 2.0.0 to 2.1.0

Release notes

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's releases.

v2.1.0

What's Changed

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

  • Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it is not recorded.
Commits

Updates slsa-framework/slsa-verifier from 2.5.1 to 2.7.1

Release notes

Sourced from slsa-framework/slsa-verifier's releases.

v2.7.1

What's Changed

New Contributors

Full Changelog: slsa-framework/slsa-verifier@v2.7.0...v2.7.1

v2.7.1-rc.2

What's Changed

Full Changelog: slsa-framework/slsa-verifier@v2.7.1-rc.1...v2.7.1-rc.2

v2.7.1-rc.1

What's Changed

... (truncated)

Commits
  • ea584f4 docs: add section for verify-github-attestation (#858)
  • 2950204 feat: Bazel not experimental (#850)
  • 08d54ab chore(deps): bump the npm_and_yarn group across 2 directories with 5 updates ...
  • 09889f2 chore(deps): update gcr.io/distroless/base:nonroot docker digest to 0a0dc20 (...
  • 7135755 chore(deps): update golang:1.23 docker digest to dd5cc4b (#847)
  • 4f28a95 fix: no parallel regression tests (#855)
  • 1595a06 fix(deps): update golang.org/x/exp digest to dcc06ee (#839)
  • e0b3ab7 fix(deps): update npm (#843)
  • b02ea50 chore(deps): bump the go_modules group across 1 directory with 2 updates (#853)
  • f6be75a chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go...
  • Additional commits viewable in compare view

Updates slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml from 2.0.0 to 2.1.0

Release notes

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml's releases.

v2.1.0

What's Changed

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

  • Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it is not recorded.
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the actions group with 4 updates
b498d67 
Bumps the actions group with 4 updates: [helm/kind-action](https://github.com/helm/kind-action), [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator), [slsa-framework/slsa-verifier](https://github.com/slsa-framework/slsa-verifier) and [slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator).


Updates `helm/kind-action` from 1.8.0 to 1.13.0
- [Release notes](https://github.com/helm/kind-action/releases)
- [Commits](helm/kind-action@dda0770...92086f6)

Updates `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0)

Updates `slsa-framework/slsa-verifier` from 2.5.1 to 2.7.1
- [Release notes](https://github.com/slsa-framework/slsa-verifier/releases)
- [Changelog](https://github.com/slsa-framework/slsa-verifier/blob/main/RELEASE.md)
- [Commits](slsa-framework/slsa-verifier@v2.5.1...v2.7.1)

Updates `slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: helm/kind-action
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: slsa-framework/slsa-verifier
  dependency-version: 2.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 3, 2026
@poiana poiana requested review from Issif and alacuku February 3, 2026 21:58
@poiana poiana added the size/XS label Feb 3, 2026
alacuku
alacuku approved these changes Feb 5, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@alacuku alacuku left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@poiana poiana added the lgtm label Feb 5, 2026
@poiana
Copy link
Copy Markdown

poiana commented Feb 5, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alacuku, dependabot[bot]

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@poiana poiana added the approved label Feb 5, 2026
@poiana poiana merged commit 6e4de4c into main Feb 5, 2026
9 checks passed
@poiana poiana deleted the dependabot/github_actions/actions-2f211efb6a branch February 5, 2026 22:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alacuku alacuku alacuku approved these changes

@Issif Issif Awaiting requested review from Issif

Assignees

@alacuku alacuku

Labels

approved dco-signoff: yes dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code lgtm size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@poiana @alacuku