chore(deps): bump oras-project/setup-oras from 1 to 2#234
Conversation
Bumps [oras-project/setup-oras](https://github.com/oras-project/setup-oras) from 1 to 2. - [Release notes](https://github.com/oras-project/setup-oras/releases) - [Commits](oras-project/setup-oras@v1...v2) --- updated-dependencies: - dependency-name: oras-project/setup-oras dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Greptile SummaryThis PR bumps Confidence Score: 5/5Safe to merge — minimal, automated dependency bump with no logic changes and security improvements in v2. Single-line change bumping a GitHub Action from v1 to v2. The v2 release fixes 5 CVEs and upgrades the Node.js runtime; no behavioral changes to the release workflow itself. All other action references in the file use the same mutable-tag pattern, so this is consistent. No files require special attention. Important Files Changed
Sequence DiagramsequenceDiagram
participant GHA as GitHub Actions Runner
participant SetupORAS as oras-project/setup-oras@v2
participant GHCR as ghcr.io
GHA->>SetupORAS: Install ORAS CLI (v1.3.1)
SetupORAS-->>GHA: ORAS CLI ready (node24 runtime)
GHA->>GHCR: helm registry login
GHA->>GHCR: oras push ArtifactHub metadata
Reviews (1): Last reviewed commit: "chore(deps): bump oras-project/setup-ora..." | Re-trigger Greptile |
janhoon
left a comment
janhoon
left a comment
There was a problem hiding this comment.
Approved dependency update per maintainer request.
1 participant
Bumps oras-project/setup-oras from 1 to 2.
Release notes
Sourced from oras-project/setup-oras's releases.
... (truncated)
Commits
38de303chore: release v2.0.0 (#160)bbd8d79chore(deps): bump@actions/coreto 3.x and@actions/tool-cacheto 4.x (#159)44d83f3chore(deps): Bump@types/nodefrom 24.12.0 to 25.5.2 (#158)dd86831fix: pin undici to >=6.24.1 to address CVEs (#157)be45691feat: migrate action runtime from node20 to node24 (#153)f0fe559Add version 1.3.1 with checksums from … (#150)0db6c65chore(deps): Bump@types/nodefrom 25.0.3 to 25.5.0 (#149)8a0db1echore(deps): Bump typescript from 5.9.3 to 6.0.2 (#151)bd8ffedchore: add TerryHowe to owners and code owners (#152)c33dd38chore(deps): Bump@types/nodefrom 25.0.2 to 25.0.3 (#131)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)