Skip to content

ci: Bump anchore/sbom-action from 63cb575d30b83445769f98c4725d7125db09688f to 4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432#1354

Merged
xsscx merged 1 commit into
masterfrom
dependabot/github_actions/anchore/sbom-action-4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432
Jun 15, 2026
Merged

ci: Bump anchore/sbom-action from 63cb575d30b83445769f98c4725d7125db09688f to 4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432#1354
xsscx merged 1 commit into
masterfrom
dependabot/github_actions/anchore/sbom-action-4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps anchore/sbom-action from 63cb575d30b83445769f98c4725d7125db09688f to 4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432.

Changelog

Sourced from anchore/sbom-action's changelog.

Release

A release publishes a vX.Y.Z git tag, a GitHub release with a chronicle-generated changelog, and the committed dist/index.cjs. Aim for a 1–2 week cadence.

From a clean checkout of main:

make release

Updating Syft

make update-syft-release repins src/SyftVersion.ts and rebuilds dist/ — review the diff and open a PR. Requires gh auth.

Commits
  • 4a83e1f chore(deps-dev): bump type-fest from 5.6.0 to 5.7.0 (#673)
  • 7eff871 chore(deps-dev): bump eslint from 10.4.0 to 10.4.1 (#672)
  • b120966 chore(deps): bump anchore/go-make in /.github/actions/bootstrap (#678)
  • 1ff4587 chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#675)
  • 8220e10 chore(deps): bump anchore/workflows/.github/workflows/codeql.yaml (#674)
  • f58216b chore(deps-dev): bump typescript-eslint from 8.60.0 to 8.60.1 (#671)
  • d3c6a7a chore(deps-dev): bump tsx from 4.22.3 to 4.22.4 (#670)
  • 398ae81 chore(deps-dev): bump shell-quote from 1.8.3 to 1.8.4 (#669)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
ci: Bump anchore/sbom-action
f871b31 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 63cb575d30b83445769f98c4725d7125db09688f to 4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@63cb575...4a83e1f)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies dependencies github-actions GitHub Actions workflow or action configuration labels Jun 15, 2026
@dependabot dependabot Bot added dependencies dependencies github-actions GitHub Actions workflow or action configuration labels Jun 15, 2026
@github-actions github-actions Bot added Configuration Repository, CMake, YAML, JSON, or tool configuration Docker Dockerfile, container, or image workflow changes ci Continuous integration workflow changes pending CI checks still running passed All CI checks passed and removed pending CI checks still running labels Jun 15, 2026
xsscx
xsscx approved these changes Jun 15, 2026
View reviewed changes

@xsscx xsscx left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2026-06-15 10:51:54 UTC

@xsscx xsscx merged commit cda44b4 into master Jun 15, 2026
32 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/anchore/sbom-action-4a83e1fa8a49c8b54b2478e3dfafcc2d1417b432 branch June 15, 2026 10:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xsscx xsscx xsscx approved these changes

@dwtza dwtza Awaiting requested review from dwtza dwtza is a code owner

@maxderhak maxderhak Awaiting requested review from maxderhak maxderhak is a code owner

@ChrisCoxArt ChrisCoxArt Awaiting requested review from ChrisCoxArt ChrisCoxArt is a code owner

Assignees

No one assigned

Labels

ci Continuous integration workflow changes Configuration Repository, CMake, YAML, JSON, or tool configuration dependencies dependencies Docker Dockerfile, container, or image workflow changes github-actions GitHub Actions workflow or action configuration passed All CI checks passed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xsscx