Lineage pull request for: skeleton#240

Merged
mcdonnnj merged 7 commits into develop from lineage/skeleton
Sep 4, 2025

@cisagovbot cisagovbot commented Sep 3, 2025

Lineage Pull Request

Lineage has created this pull request to incorporate new changes found in an upstream repository:

Upstream repository: https://github.com/cisagov/skeleton-docker.git
Remote branch: HEAD

Check the changes in this pull request to ensure they won't cause issues with your project.

✅ Pre-approval checklist

Remove any of the following that do not apply. If you're unsure about any of these, don't hesitate to ask. We're here to help!

  • All relevant type-of-change labels have been added.
  • All new and existing tests pass.

Note

You are seeing this because one of this repository's maintainers has configured Lineage to open pull requests.

For more information:

🛠 Lineage configurations for this project are stored in .github/lineage.yml

📚 Read more about Lineage

dependabot bot and others added 7 commits August 12, 2025 01:15
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.32.0 to 0.33.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@0.32.0...0.33.0)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

We use the `bandit` hook twice in the pre-commit configuration: once for the `tests/` subdirectory and once for everything _except_ the `tests/` subdirectory. These two hooks should be using the same version of the `bandit` hook, but the second use was missed when updating hook versions from upstream.
…s/download-artifact-5 Bump actions/download-artifact from 4 to 5
…curity/trivy-action-0.33.0 Bump aquasecurity/trivy-action from 0.32.0 to 0.33.0
Sync the versions of `bandit` used by pre-commit
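
The version drift described in the `bandit` commit message above can be caught mechanically. The following is an added example, not code from this repository or from Lineage: the sample configuration is constructed and the function names are hypothetical. It generalizes from `bandit` to any hook repository that a pre-commit configuration lists more than once.

```python
import re
import sys
from collections import defaultdict

# Constructed sample in .pre-commit-config.yaml layout (not this project's file).
# The same hook repository is listed twice and only the first pin was bumped.
SAMPLE_CONFIG = """\
repos:
  - repo: https://github.com/PyCQA/bandit
    rev: 1.8.3
    hooks:
      - id: bandit
        files: tests
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.10
    hooks:
      - id: bandit
        exclude: tests
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks:
      - id: check-yaml
"""

REPO_RE = re.compile(r"^\s*-\s+repo:\s*(\S+)")
REV_RE = re.compile(r"^\s*rev:\s*['\"]?([^'\"\s#]+)")

def pinned_revs(config_text):
    """Map each hook repository URL to the set of revs it is pinned at."""
    revs, current = defaultdict(set), None
    for line in config_text.splitlines():
        if m := REPO_RE.match(line):
            current = m.group(1)          # a new repo entry starts here
        elif (m := REV_RE.match(line)) and current is not None:
            revs[current].add(m.group(1))
    return revs

def mismatched_pins(config_text):
    """Return {repo: sorted revs} for repos pinned at more than one rev."""
    return {repo: sorted(found)
            for repo, found in pinned_revs(config_text).items() if len(found) > 1}

if __name__ == "__main__":
    # Hypothetical usage: pass a config path, or run with no args for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    drift = mismatched_pins(text)
    for repo, found in drift.items():
        print(f"{repo} is pinned at several revs: {', '.join(found)}")
    sys.exit(1 if drift else 0)
```

The non-zero exit status on drift lets the script fail a CI job or a local hook when two entries for the same repository disagree.
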
cisagovbot added the "upstream update" label Sep 3, 2025
mcdonnnj unassigned jsf9k and dav3r Sep 4, 2025
mcdonnnj added the "github-actions" label Sep 4, 2025
mcdonnnj requested review from a team and Copilot September 4, 2025 14:06
mcdonnnj added the "dependencies" label Sep 4, 2025
mcdonnnj enabled auto-merge September 4, 2025 14:06

Copilot AI left a comment

Pull Request Overview

This PR updates dependencies across pre-commit configuration and GitHub Actions workflows to incorporate upstream changes from the skeleton-docker repository.

  • Updated bandit security linter from version 1.7.10 to 1.8.3
  • Updated GitHub Actions dependencies including download-artifact and trivy-action to newer versions

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .pre-commit-config.yaml | Updates bandit security linter version for improved security scanning |
| .github/workflows/build.yml | Updates GitHub Actions dependencies for artifact handling and vulnerability scanning |

mcdonnnj merged commit 81d12ab into develop Sep 4, 2025
27 checks passed
mcdonnnj deleted the lineage/skeleton branch September 4, 2025 14:43
cisagovbot pushed a commit that referenced this pull request Jan 1, 2026
…s/checkout-6 Bump actions/checkout from 5 to 6
Labels

  • dependencies: Pull requests that update a dependency file
  • github-actions: Pull requests that update GitHub Actions code
  • upstream update: This issue or pull request pulls in upstream updates

6 participants