Bump actions/checkout from 4.2.1 to 4.2.2

[dependabot]

Bumps actions/checkout from 4.2.1 to 4.2.2.

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

... (truncated)

Commits

• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217d url-helper.ts now leverages well-known environment variables. (#1941)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (2478730) to head (085f908).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #568   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            8         8           
  Lines          151       151           
  Branches        15        15           
=========================================
  Hits           151       151           

Flag	Coverage Δ
python-3.10	100.00% <ø> (ø)
python-3.11	100.00% <ø> (ø)
python-3.12	100.00% <ø> (ø)
python-3.13	100.00% <ø> (ø)
python-3.9	100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

Test Results

  5 files  ±0    5 suites  ±0   22s ⏱️ ±0s
 36 tests ±0   36 ✅ ±0  0 💤 ±0  0 ❌ ±0 
180 runs  ±0  180 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit 085f908. ± Comparison against base commit 2478730.

♻️ This comment has been updated with latest results.

[github-actions]

🔍 Vulnerabilities of jkreileder/cf-ips-to-hcloud-fw:pr-568

📦 Image Reference jkreileder/cf-ips-to-hcloud-fw:pr-568

digest	sha256:44622b2da6196482378041e2525d73258be8e556cd4d336df778972eb13c16c4
vulnerabilities
size	25 MB
packages	64

📦 Base Image python:3-alpine

also known as	3-alpine3.20 3.13-alpine 3.13-alpine3.20 3.13.0-alpine 3.13.0-alpine3.20 alpine alpine3.20
digest	sha256:6e0d21f66f665a33876d963f3ff6206b13863a17af0d6cfda68097cd415ec128
vulnerabilities

openssl 3.3.2-r0 (apk) pkg:apk/alpine/[email protected]?os_name=alpine&os_version=3.20 Affected range <3.3.2-r1 Fixed version 3.3.2-r1 EPSS Score 0.04% EPSS Percentile 11th percentile Description

[github-actions]

Recommended fixes for image jkreileder/cf-ips-to-hcloud-fw:pr-568

Base image is python:3-alpine

Name	3.13.0-alpine3.20
Digest	sha256:6e0d21f66f665a33876d963f3ff6206b13863a17af0d6cfda68097cd415ec128
Vulnerabilities
Pushed	2 weeks ago
Size	16 MB
Packages	43
Flavor	alpine
OS	3.20
Runtime	3.13.0

The base image is also available under the supported tag(s): 3-alpine3.20, 3.13-alpine, 3.13-alpine3.20, 3.13.0-alpine, 3.13.0-alpine3.20, alpine, alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

Tag	Details	Pushed	Vulnerabilities
3-alpine Newer image for same tag Also known as: alpine alpine3.20 3.13.0-alpine 3.13.0-alpine3.20 3.13-alpine 3.13-alpine3.20 3-alpine3.20	Benefits: Same OS detected Minor runtime version update Newer image for same tag Image contains 2 fewer packages Tag is preferred tag Tag was pushed more recently Image has similar size Image has same number of vulnerabilities 3-alpine was pulled 51K times last month Image details: Size: 16 MB Flavor: alpine OS: 3.20 Runtime: 3.13.0	5 days ago

Change base image

✅ There are no tag recommendations at this time.

[github-actions]

Overview

Image reference	jkreileder/cf-ips-to-hcloud-fw:1	quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-568
- digest	f6c3fb147a85	44622b2da619
- tag	1	pr-568
- provenance	a3b2b14	9636da2
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	27 MB	25 MB (-1.6 MB)
- packages	80	64 (-16)
Base Image	python:3.12.4-alpine3.20 also known as: • 3-alpine • 3-alpine3.20 • 3.12-alpine • 3.12-alpine3.20 • alpine • alpine3.20	python:3-alpine also known as: • 3-alpine3.20 • 3.13-alpine • 3.13-alpine3.20 • 3.13.0-alpine • 3.13.0-alpine3.20 • alpine • alpine3.20
- vulnerabilities

Environment Variables (5 changes)

• - 4 removed
• ± 1 changed
• 4 unchanged

 GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305
-LANG=C.UTF-8
 PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 PYTHONDONTWRITEBYTECODE=1
 PYTHONFAULTHANDLER=1
-PYTHON_GET_PIP_SHA256=ee09098395e42eb1f82ef4acb231a767a6ae85504a9cf9983223df0a7cbd35d7
-PYTHON_GET_PIP_URL=https://github.com/pypa/get-pip/raw/e03e1607ad60522cf34a92e834138eb89f57667c/public/get-pip.py
-PYTHON_PIP_VERSION=24.0
-PYTHON_VERSION=3.12.4
+PYTHON_VERSION=3.13.0

Labels (3 changes)

• ± 3 changed
• 5 unchanged

-org.opencontainers.image.created=2024-07-15T18:40:43.715Z
+org.opencontainers.image.created=2024-10-24T06:56:48.663Z
 org.opencontainers.image.description=Update Hetzner Cloud firewall rules with current Cloudflare IP ranges
 org.opencontainers.image.licenses=MIT
-org.opencontainers.image.revision=a3b2b148963e273bab7629350a036f97ec24e0d7
+org.opencontainers.image.revision=9636da24ac07e0243089de0dde2c4fd3f8d65be2
 org.opencontainers.image.source=https://github.com/jkreileder/cf-ips-to-hcloud-fw
 org.opencontainers.image.title=cf-ips-to-hcloud-fw
 org.opencontainers.image.url=https://github.com/jkreileder/cf-ips-to-hcloud-fw
-org.opencontainers.image.version=1.0.12
+org.opencontainers.image.version=pr-568

Policies (1 improved, 1 worsened, 2 missing data)

Policy Name	jkreileder/cf-ips-to-hcloud-fw:1	quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-568	Change	Standing
Default non-root user	✅	✅		No Change
No AGPL v3 licenses	⚠️ 1	✅	-1	Improved
No fixable critical or high vulnerabilities	✅	✅		No Change
No high-profile vulnerabilities	✅	✅		No Change
No outdated base images	✅	❓ No data
No unapproved base images	❓ No data	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (44 package changes and 4 vulnerability changes)

• ➖ 15 packages removed
• ♾️ 29 packages changed
• 35 packages unchanged

• ✔️ 4 vulnerabilities removed

Changes for packages of type apk (27 changes)

	Package	Version jkreileder/cf-ips-to-hcloud-fw:1	Version quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-568
♾️	.python-rundeps	20240715.184054	20241017.164351
♾️	ca-certificates-bundle	20240226-r0	20240705-r0
➖	e2fsprogs	1.47.0-r5
♾️	expat	2.6.2-r0	2.6.3-r0
		Removed vulnerabilities (3):
➖	gettext	0.22.5-r0
➖	keyutils	1.6.3-r3
➖	keyutils-libs	1.6.3-r3
➖	krb5	1.21.3-r0
➖	krb5-conf	1.0-r2
➖	krb5-libs	1.21.3-r0
➖	libcom_err	1.47.0-r5
♾️	libcrypto3	3.3.1-r1	3.3.2-r0
♾️	libexpat	2.6.2-r0	2.6.3-r0
➖	libintl	0.22.5-r0
♾️	libncursesw	6.4_p20240420-r0	6.4_p20240420-r1
➖	libnsl	2.0.1-r0
♾️	libpanelw	6.4_p20240420-r0	6.4_p20240420-r1
♾️	libssl3	3.3.1-r1	3.3.2-r0
➖	libtirpc	1.3.4-r0
➖	libtirpc-conf	1.3.4-r0
➖	libverto	0.3.2-r2
♾️	ncurses	6.4_p20240420-r0	6.4_p20240420-r1
♾️	ncurses-terminfo-base	6.4_p20240420-r0	6.4_p20240420-r1
♾️	openssl	3.3.1-r1	3.3.2-r0
		Removed vulnerabilities (1):
♾️	tzdata	2024a-r1	2024b-r0
♾️	xz	5.6.1-r3	5.6.2-r0
♾️	xz-libs	5.6.1-r3	5.6.2-r0

Changes for packages of type generic (1 changes)

	Package	Version jkreileder/cf-ips-to-hcloud-fw:1	Version quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-568
♾️	python	3.12.4	3.13.0

Changes for packages of type pypi (16 changes)

	Package	Version jkreileder/cf-ips-to-hcloud-fw:1	Version quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-568
♾️	anyio	4.4.0	4.6.2.post1
♾️	certifi	2024.7.4	2024.8.30
♾️	cf-ips-to-hcloud-fw	1.0.12	1.0.13.dev0
♾️	charset-normalizer	3.3.2	3.4.0
♾️	cloudflare	3.0.1	3.1.0
♾️	hcloud	2.0.1	2.3.0
♾️	httpcore	1.0.5	1.0.6
♾️	httpx	0.27.0	0.27.2
♾️	idna	3.7	3.10
♾️	pip	24.0	24.2
♾️	pydantic	2.8.2	2.9.2
♾️	pydantic-core	2.20.1	2.23.4
♾️	pyyaml	6.0.1	6.0.2
➖	setuptools	70.3.0
♾️	urllib3	2.2.2	2.2.3
➖	wheel	0.43.0