dependabot[bot] opened a new pull request, #8328: URL: https://github.com/apache/storm/pull/8328
Bumps [burnett01/rsync-deployments](https://github.com/burnett01/rsync-deployments) from 5.2 to 8. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/burnett01/rsync-deployments/releases";>burnett01/rsync-deployments's releases</a>.</em></p> <blockquote> <h2>v8</h2> <p><img src="https://github.com/user-attachments/assets/8dbb8e57-1ec3-4cd0-8b09-ef5c0c543163"; alt="v8-release-banner" /></p> <h2>What's Changed</h2> <p>Version v8 (8.0.2) offers the following features:</p> <ul> <li>feat: latest Alpine 3.23.0</li> <li>feat: latest Rsync 3.4.1-r1</li> <li>feat: integrate <a href="https://github.com/JoshPiper/rsync-docker/";>rsync-docker</a> 3rd party into this action as 1st party code (no more dependency, better audit, single source of truth) <ul> <li>backported: <ul> <li>agent-start</li> <li>agent-stop</li> <li>agent-askpass</li> <li>agent-add</li> <li>hosts-add</li> <li>hosts-clear</li> </ul> </li> <li>new added: <ul> <li>ssh-init</li> <li>hosts-init</li> </ul> </li> <li>improved: <ul> <li>stricter permissions on .ssh/ folder (700) and known_hosts (600)</li> <li>use set -eu in all scipts</li> </ul> </li> </ul> </li> <li>feat: new <code>strict_host_keys</code> option to enable support for strict host key verification. Default: false (to keep backward compatibility)</li> <li>feat: new <code>debug</code> option to see the commands executed (-x) by this action</li> <li>feat: this action is now scanned for vulnerabilities by Snyk</li> <li>feat; this action is now scanned by CodeQL for Q/A</li> <li>feat: this action now performs CI tasks such as Validation, Linting and Unit Tests</li> <li>fix: various shell syntax for robustness</li> <li>fix: use printf and redirect output to non-stdout instead of echo in sensitive code locations</li> <li>refactor: use $HOME instead of tilde ~ for robustness</li> <li>feat: cross-platform support</li> <li>chore: Deprecate 7.0.2</li> <li>chore: EOL 7.0.0 & 7.0.1</li> </ul> <h2>New release channels:</h2> <p>From now on you can use <code>@v8</code> instead of manually pinning to a version like <code>8.0.2</code>.</p> <p>The benefit of using <code>v8</code> is that you will receive future MINOR+PATCH updates automatically, since <code>v8</code> is a pointer to <code>8.x.x</code>.</p> <p>However, of course you are free to use the regular format like <code>8.0.2</code> directly.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/Burnett01/rsync-deployments/compare/7.1.0...8.0.2";>https://github.com/Burnett01/rsync-deployments/compare/7.1.0...8.0.2</a></p> <h3>Contributors:</h3> <ul> <li><a href="https://github.com/Burnett01";><code>@Burnett01</code></a></li> <li><a href="https://github.com/JoshPiper";><code>@JoshPiper</code></a></li> </ul> <h2>7.1.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/0c902521b8b9135f0dae7841a01d7d3b19629cb2";><code>0c90252</code></a> Release/8.0.2 (<a href="https://redirect.github.com/burnett01/rsync-deployments/issues/93";>#93</a>)</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/68d1fd5150b8ed8c049987b6e80e59bc7b58ce94";><code>68d1fd5</code></a> chore: 8.0.1</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/2c22263f9c116103b13de1e8296bab6485df51c9";><code>2c22263</code></a> fix: regression - using echo instead of printf again <a href="https://redirect.github.com/burnett01/rsync-deployments/issues/90";>#90</a></li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/8a39558686764f1e9243f63fa796e00815ea0cc0";><code>8a39558</code></a> feat: add README for SSH agent and known_hosts management scripts</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/0f1cb7924d785b6a10471b40dc8dd30fa8309eaa";><code>0f1cb79</code></a> fix: permissions of docker-rsync scripts</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/05a269aeea3e70e1e8fe77064e475a5cb2c80b20";><code>05a269a</code></a> v8 - 8.0.0 (<a href="https://redirect.github.com/burnett01/rsync-deployments/issues/88";>#88</a>)</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/92961b588012d4a14019bf5a2c9bc4e77a8bef03";><code>92961b5</code></a> feat: always force-upgrade alpine openssl</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/96abc27e056a27914e15234b083b7932f7fab4b7";><code>96abc27</code></a> fix: snyk-docker-vulnerability-scan sarif</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/7e729bf4dd4100293d3cc327d248f01071a0920f";><code>7e729bf</code></a> fix: snyk-docker-vulnerability-scan sarif</li> <li><a href="https://github.com/Burnett01/rsync-deployments/commit/c23b68a9ef159f28f3bbe791710b34843e556347";><code>c23b68a</code></a> chore: snyk output sarif file content</li> <li>Additional commits viewable in <a href="https://github.com/burnett01/rsync-deployments/compare/0dc935cdecc5f5e571865e60d2a6cdc673704823...0c902521b8b9135f0dae7841a01d7d3b19629cb2";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
