Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump codecov/codecov-action from 5.1.1 to 5.1.2 #653

Merged
merged 2 commits into from
Dec 19, 2024
Merged

Bump codecov/codecov-action from 5.1.1 to 5.1.2 #653

merged 2 commits into from
Dec 19, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 19, 2024

Bumps codecov/codecov-action from 5.1.1 to 5.1.2.

Release notes

Sourced from codecov/codecov-action's releases.

v5.1.2

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v5.1.1...v5.1.2

Changelog

Sourced from codecov/codecov-action's changelog.

v5.1.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2

v5.1.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.0..v5.1.1

v5.1.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.7..v5.1.0

v5.0.7

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.6..v5.0.7

v5.0.6

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.0.5..v5.0.6

v5.0.5

What's Changed

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump codecov/codecov-action from 5.1.1 to 5.1.2
01476cb 
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.1.1 to 5.1.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@7f8b4b4...1e68e06)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 19, 2024
@dependabot dependabot bot requested a review from jkreileder as a code owner December 19, 2024 02:51
@codecov Codecov
Copy link

codecov bot commented Dec 19, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (5e3acca) to head (d74124e).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff            @@
##              main      #653   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            8         8           
  Lines          151       151           
  Branches        15        15           
=========================================
  Hits           151       151
Flag Coverage Δ
python-3.10 100.00% <ø> (ø)
python-3.11 100.00% <ø> (ø)
python-3.12 100.00% <ø> (ø)
python-3.13 100.00% <ø> (ø)
python-3.9 100.00% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 19, 2024
edited
Loading

Test Results

  5 files  ±0    5 suites  ±0   21s ⏱️ ±0s
 36 tests ±0   36 ✅ ±0  0 💤 ±0  0 ❌ ±0 
180 runs  ±0  180 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit d74124e. ± Comparison against base commit 5e3acca.

♻️ This comment has been updated with latest results.

@jkreileder jkreileder enabled auto-merge (squash) December 19, 2024 12:58
@github-actions GitHub Actions
Copy link

🔍 Vulnerabilities of jkreileder/cf-ips-to-hcloud-fw:pr-653

📦 Image Reference jkreileder/cf-ips-to-hcloud-fw:pr-653
digestsha256:bd5c90714c4430272535385c25ff5d7f5db9fc8b336842e8f8e50895a6f6fbd9
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
platformlinux/amd64
size28 MB
packages62
📦 Base Image python:3-alpine
also known as
  • 3-alpine3.20
  • 3.13-alpine
  • 3.13-alpine3.20
  • 3.13.1-alpine
  • 3.13.1-alpine3.20
  • alpine
  • alpine3.20
digestsha256:7bc78c6d338ab35ff94c90207c8b5457185f50f1fc059089f0b0069c8184280c
vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0

@github-actions GitHub Actions
Copy link

Recommended fixes for image jkreileder/cf-ips-to-hcloud-fw:pr-653

Base image is python:3-alpine

Name3.13.1-alpine3.20
Digestsha256:7bc78c6d338ab35ff94c90207c8b5457185f50f1fc059089f0b0069c8184280c
Vulnerabilitiescritical: 0 high: 0 medium: 0 low: 0
Pushed2 weeks ago
Size19 MB
Packages41
Flavoralpine
OS3.20
Runtime3.13.1
The base image is also available under the supported tag(s): 3-alpine3.20, 3.13-alpine, 3.13-alpine3.20, 3.13.1-alpine, 3.13.1-alpine3.20, alpine, alpine3.20

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.
TagDetailsPushedVulnerabilities
3-alpine
Newer image for same tag
Also known as:
  • alpine
  • alpine3.21
  • 3.13.1-alpine
  • 3.13.1-alpine3.21
  • 3.13-alpine
  • 3.13-alpine3.21
  • 3-alpine3.21
 Benefits:
  • Same OS detected
  • Minor runtime version update
  • Newer image for same tag
  • Image is smaller by 2.2 MB
  • Tag is preferred tag
  • Tag was pushed more recently
  • Image has same number of vulnerabilities
  • Image contains similar number of packages
  • 3-alpine was pulled 51K times last month
Image details:
  • Size: 17 MB
  • Flavor: alpine
  • OS: 3.21
  • Runtime: 3.13.1
 1 week ago



Change base image

✅ There are no tag recommendations at this time.

@github-actions GitHub Actions
Copy link

Overview

Image reference jkreileder/cf-ips-to-hcloud-fw:1 quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-653
- digest 70eafa0243eb bd5c90714c44
- tag 1 pr-653
- provenance e4eb5d1 7e6c52c
- vulnerabilities critical: 0 high: 0 medium: 2 low: 0 critical: 0 high: 0 medium: 0 low: 0
- platform linux/amd64 linux/amd64
- size 22 MB 28 MB (+6.3 MB)
- packages 64 62 (-2)
Base Image python:3-alpine
also known as:
3-alpine3.20
3.13-alpine
3.13-alpine3.20
alpine
alpine3.20		 python:3-alpine
also known as:
3-alpine3.20
3.13-alpine
3.13-alpine3.20
3.13.1-alpine
3.13.1-alpine3.20
alpine
alpine3.20
- vulnerabilities critical: 0 high: 0 medium: 2 low: 0 critical: 0 high: 0 medium: 0 low: 0
Environment Variables (2 changes)
  • + 1 added
  • ± 1 changed
  • 4 unchanged
 GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305
 PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 PYTHONDONTWRITEBYTECODE=1
 PYTHONFAULTHANDLER=1
+PYTHON_SHA256=9cf9427bee9e2242e3877dd0f6b641c1853ca461f39d6503ce260a59c80bf0d9
-PYTHON_VERSION=3.13.0
+PYTHON_VERSION=3.13.1
Labels (3 changes)
  • ± 3 changed
  • 5 unchanged
-org.opencontainers.image.created=2024-11-08T09:30:05.868Z
+org.opencontainers.image.created=2024-12-19T13:02:50.166Z
 org.opencontainers.image.description=Update Hetzner Cloud firewall rules with current Cloudflare IP ranges
 org.opencontainers.image.licenses=MIT
-org.opencontainers.image.revision=e4eb5d1df244d0bc3ea7f09542b95c5368fbc7ab
+org.opencontainers.image.revision=7e6c52cb19efc3ac8d490ddc49142b7237f357f2
 org.opencontainers.image.source=https://github.com/jkreileder/cf-ips-to-hcloud-fw
 org.opencontainers.image.title=cf-ips-to-hcloud-fw
 org.opencontainers.image.url=https://github.com/jkreileder/cf-ips-to-hcloud-fw
-org.opencontainers.image.version=1.0.14
+org.opencontainers.image.version=pr-653
Policies (0 improved, 1 worsened, 2 missing data)
Policy Name jkreileder/cf-ips-to-hcloud-fw:1 quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-653 Change Standing
Default non-root user No Change
No AGPL v3 licenses No Change
No fixable critical or high vulnerabilities No Change
No high-profile vulnerabilities No Change
No outdated base images ❓ No data
No unapproved base images ❓ No data
Supply chain attestations ⚠️ 2 +2 Worsened
Packages and Vulnerabilities (17 package changes and 2 vulnerability changes)
  • ➖ 2 packages removed
  • ♾️ 15 packages changed
  • 47 packages unchanged
  • ✔️ 2 vulnerabilities removed
Changes for packages of type apk (10 changes)
Package Version
jkreileder/cf-ips-to-hcloud-fw:1		 Version
quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-653
♾️ .python-rundeps 20241017.164351 20241205.142133
expat 2.6.3-r0
critical: 0 high: 0 medium: 1 low: 0
Removed vulnerabilities (1):
  • medium : CVE--2024--50602
♾️ libcrypto3 3.3.2-r0 3.3.2-r1
libexpat 2.6.3-r0
♾️ libncursesw 6.4_p20240420-r1 6.4_p20240420-r2
♾️ libpanelw 6.4_p20240420-r1 6.4_p20240420-r2
♾️ libssl3 3.3.2-r0 3.3.2-r1
♾️ ncurses 6.4_p20240420-r1 6.4_p20240420-r2
♾️ ncurses-terminfo-base 6.4_p20240420-r1 6.4_p20240420-r2
♾️ openssl 3.3.2-r0 3.3.2-r1
critical: 0 high: 0 medium: 1 low: 0
Removed vulnerabilities (1):
  • medium : CVE--2024--9143
Changes for packages of type generic (1 changes)
Package Version
jkreileder/cf-ips-to-hcloud-fw:1		 Version
quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-653
♾️ python 3.13.0 3.13.1
Changes for packages of type pypi (6 changes)
Package Version
jkreileder/cf-ips-to-hcloud-fw:1		 Version
quay.io/jkreileder/cf-ips-to-hcloud-fw:pr-653
♾️ anyio 4.6.2.post1 4.7.0
♾️ cf-ips-to-hcloud-fw 1.0.14 1.0.15.dev0
♾️ cloudflare 3.1.0 3.1.1
♾️ httpcore 1.0.6 1.0.7
♾️ pip 24.2 24.3.1
♾️ six 1.16.0 1.17.0

@jkreileder jkreileder merged commit 78f5f8a into main Dec 19, 2024
57 checks passed
@jkreileder jkreileder deleted the dependabot/github_actions/codecov/codecov-action-5.1.2 branch December 19, 2024 13:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkreileder jkreileder jkreileder approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jkreileder