Skip to content

gha: bump anchore/sbom-action from 0.21.0 to 0.21.1 #839

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jauderho merged 1 commit into from
Jan 9, 2026
Merged

gha: bump anchore/sbom-action from 0.21.0 to 0.21.1 #839

jauderho merged 1 commit into from
Jan 9, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 9, 2026
edited by ellipsis-dev bot
Loading

Bumps anchore/sbom-action from 0.21.0 to 0.21.1.

Release notes

Sourced from anchore/sbom-action's releases.

v0.21.1

Changes in v0.21.1

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Important

Bumps anchore/sbom-action from 0.21.0 to 0.21.1 in release.yml, updating Syft to v1.40.0.

  • Workflow Update:
    • Bumps anchore/sbom-action from 0.21.0 to 0.21.1 in release.yml.
    • Updates Syft to v1.40.0 as part of the anchore/sbom-action update.
  • Files Affected:
    • .github/workflows/release.yml: Updates the Generate SBOM step to use the new version of anchore/sbom-action.

This description was created by Ellipsis for 28c49aa. You can customize this summary. It will automatically update as commits are pushed.

@dependabot
gha: bump anchore/sbom-action from 0.21.0 to 0.21.1
28c49aa 
Bumps [anchore/sbom-action](https://github.com/anchore/sbom-action) from 0.21.0 to 0.21.1.
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@a930d0a...0b82b0b)

---
updated-dependencies:
- dependency-name: anchore/sbom-action
  dependency-version: 0.21.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Jan 9, 2026
@semanticdiff-com
Copy link

semanticdiff-com bot commented Jan 9, 2026
edited
Loading

Review changes with  SemanticDiff

Changed Files
File Status
  .github/workflows/release.yml  0% smaller

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 9, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

ellipsis-dev[bot]
ellipsis-dev bot reviewed Jan 9, 2026
View reviewed changes
Copy link

@ellipsis-dev ellipsis-dev bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Important

Looks good to me! 👍

Reviewed everything up to 28c49aa in 1 minute and 2 seconds. Click for details.
  • Reviewed 13 lines of code in 1 files
  • Skipped 0 files when reviewing.
  • Skipped posting 1 draft comments. View those below.
  • Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. .github/workflows/release.yml:93
  • Draft comment:
    The inline comment still says '# v0.6.0', which is inconsistent with the bumped anchore/sbom-action version (v0.21.1). Consider updating or removing the comment to avoid confusion. Also, if a release tag (like v0.21.1) is available, use it instead of a commit SHA for clarity.
  • Reason this comment was not posted:
    Comment was on unchanged code.

Workflow ID: wflow_o3HLHNJT1cyEs38y

You can customize Ellipsis by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.

@jauderho jauderho merged commit f89bb23 into main Jan 9, 2026
10 of 20 checks passed
@jauderho jauderho deleted the dependabot/github_actions/anchore/sbom-action-0.21.1 branch January 9, 2026 08:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ellipsis-dev ellipsis-dev[bot] ellipsis-dev[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jauderho