From dd8a48c16b4bad32bcd81128ee7920d51b7aafc8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 12 Jul 2026 22:53:58 +0000 Subject: [PATCH] chore(deps): bump anchore/sbom-action from 0.17.9 to 0.24.0 Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.9 to 0.24.0. - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](https://github.com/anchore/sbom-action/compare/df80a981bc6edbc4e220a492d3cbe9f5547a6e75...e22c389904149dbc22b58101806040fa8d37a610) --- updated-dependencies: - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index aea8ea6..638271e 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -59,7 +59,7 @@ jobs: cache-to: type=gha,mode=max,scope=${{ matrix.image }} - uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 with: {image-ref: "ghcr.io/lightcode-team/${{ matrix.image }}:sha-${{ github.sha }}", vuln-type: "os,library", severity: "HIGH,CRITICAL", ignore-unfixed: true, exit-code: "1"} - - uses: anchore/sbom-action@df80a981bc6edbc4e220a492d3cbe9f5547a6e75 # v0.17.9 + - uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610 # v0.24.0 with: {image: "ghcr.io/lightcode-team/${{ matrix.image }}:sha-${{ github.sha }}", artifact-name: "${{ matrix.image }}-sbom.spdx.json"} promote: needs: publish