Skip to content

⬆️upgrade(ci): Bump anchore/sbom-action from 0.17.9 to 0.24.0 in /.github/workflows#180

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/main/anchore/sbom-action-0.24.0
Closed

⬆️upgrade(ci): Bump anchore/sbom-action from 0.17.9 to 0.24.0 in /.github/workflows#180
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/main/anchore/sbom-action-0.24.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026

Copy link
Copy Markdown
Contributor

Bumps anchore/sbom-action from 0.17.9 to 0.24.0.

Release notes

Sourced from anchore/sbom-action's releases.

v0.24.0

⬆️ Dependencies

v0.23.1

⬆️ Dependencies

v0.23.0

v0.22.2

⬆️ Dependencies

v0.22.1

⬆️ Dependencies

v0.22.0

Changes in v0.22.0

⬆️ Dependencies

v0.21.1

Changes in v0.21.1

... (truncated)

Commits
  • e22c389 chore(deps): update Syft to v1.42.3 (#615)
  • 36a5fde chore: update to node 24 + deps (#614)
  • a0a6512 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#608)
  • 57aae52 chore(deps): update Syft to v1.42.2 (#607)
  • c29e913 chore(deps): bump fast-xml-parser and other deps (#604)
  • 17ae174 chore(deps/test): move to es modules, node:test, single dist file (#595)
  • 6d473d3 chore(deps): update Syft to v1.42.1 (#599)
  • 60619e7 fix tests and bump fast-xml-parser (#598)
  • e2bd58a chore(deps-dev): bump the dev-dependencies group with 3 updates (#592)
  • d032d7d ci(syft auto update): npm ci, not npm install (#597)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
⬆️upgrade(ci): Bump anchore/sbom-action in /.github/workflows
5194e06 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.17.9 to 0.24.0.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@df80a98...e22c389)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.24.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added source:💚github_actions Changes for GitHub Actions source:🤖bot GitHub Robots labels Apr 30, 2026
@CLAassistant

CLAassistant commented Apr 30, 2026

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions

github-actions Bot commented May 31, 2026

Copy link
Copy Markdown

The Pull Request has been marked as stale due to inactivity. Please show activity within 8 days or it will be automatically closed.

@github-actions

github-actions Bot commented Jun 8, 2026

Copy link
Copy Markdown

The Pull Request has been automatically closed.

@github-actions github-actions Bot closed this Jun 8, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/dot-github/workflows/main/anchore/sbom-action-0.24.0 branch June 8, 2026 04:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

source:🤖bot GitHub Robots source:💚github_actions Changes for GitHub Actions status: ✔️ automatic-closing status: ⌛ automatic-stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant