gha: bump anchore/sbom-action from 0.20.11 to 0.21.0

[dependabot]

Bumps anchore/sbom-action from 0.20.11 to 0.21.0.

Release notes

Sourced from anchore/sbom-action's releases.

v0.21.0

• chore(deps): update Syft to v1.39.0 (#561)
• chore(deps): bump @​octokit/request-error, @​octokit/core and @​octokit/webhooks (#560)
• chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#558)

Commits

• a930d0a chore(deps): update Syft to v1.39.0 (#561)
• e4b2532 chore(deps): bump @​octokit/request-error, @​octokit/core and @​octokit/webhooks...
• 481b254 chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#558)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

Important

Bump anchore/sbom-action from 0.20.11 to 0.21.0 in release.yml, updating dependencies and commit hash.

• GitHub Actions:
  • Bump anchore/sbom-action from 0.20.11 to 0.21.0 in release.yml.
  • Update commit hash for anchore/sbom-action/download-syft to a930d0ac434e3182448fe678398ba5713717112a.
• Dependencies:
  • Update Syft to v1.39.0 within anchore/sbom-action.
  • Bump @octokit/request-error, @octokit/core, and @octokit/webhooks in anchore/sbom-action.

^{This description was created by for c18d146. You can customize this summary. It will automatically update as commits are pushed.}

[semanticdiff-com]

Review changes with  

Changed Files

File	Status
.github/workflows/release.yml	0% smaller

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[ellipsis-dev]

Important

Looks good to me! 👍

Reviewed everything up to c18d146 in 1 minute and 1 seconds. Click for details.

• Reviewed 13 lines of code in 1 files
• Skipped 0 files when reviewing.
• Skipped posting 1 draft comments. View those below.
• Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.

1. .github/workflows/release.yml:93

• Draft comment:
  The commit hash update bumps anchore/sbom-action to v0.21.0, but the inline comment still reads '# v0.6.0'. Consider updating the comment for clarity.
• Reason this comment was not posted:
  Comment was on unchanged code.

Workflow ID: wflow_lSjUGx66Hw6RCvJG

^{You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.}