chore(deps): bump webfactory/ssh-agent from 0.5.4 to 0.9.1

[dependabot]

Bumps webfactory/ssh-agent from 0.5.4 to 0.9.1.

Release notes

Sourced from webfactory/ssh-agent's releases.

v0.9.1

What's Changed

• Acknowledge custom command inputs in cleanup.js by @​janopae in webfactory/ssh-agent#235

New Contributors

• @​janopae made their first contribution in webfactory/ssh-agent#235

Full Changelog: webfactory/ssh-agent@v0.9.0...v0.9.1

Update to node20

This release updates the action to run on Node.js v20. When you're running on GitHub hosted runners, just go ahead and update. When you're using self-hosted runners, please make sure you have Node.js v20 installed before updating from v0.8.0 to v0.9.0 of this action.

New Contributors

• @​npwolf made their first contribution in webfactory/ssh-agent#196
• @​benzado made their first contribution in webfactory/ssh-agent#206
• @​felix-seifert made their first contribution in webfactory/ssh-agent#199
• @​archen made their first contribution in webfactory/ssh-agent#201

Full Changelog: webfactory/ssh-agent@v0.8.0...v0.9.0

What's Changed

• Update README.md to reflect latest version by @​npwolf in webfactory/ssh-agent#196
• Remove outdated claim from README by @​benzado in webfactory/ssh-agent#206
• chore: update all versions of actions/checkout to v4 by @​felix-seifert in webfactory/ssh-agent#199
• bump to node20 by @​archen in webfactory/ssh-agent#201

New Contributors

• @​npwolf made their first contribution in webfactory/ssh-agent#196
• @​benzado made their first contribution in webfactory/ssh-agent#206
• @​felix-seifert made their first contribution in webfactory/ssh-agent#199
• @​archen made their first contribution in webfactory/ssh-agent#201

Full Changelog: webfactory/ssh-agent@v0.8.0...v0.9.0

SSH host keys no longer managed – read below 👇

Starting with this release, this action no longer writes GitHub's SSH host keys into the known_hosts SSH config file upon start.

GitHub changed their host keys on short notice this morning, see https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/. We took this as an opportunity to stop maintaining GH SSH keys in the code shipped with this action (#171).

What you need to do:

• On GitHub hosted runners, nothing. ✔︎ These runners ship with SSH host keys (for github.com) maintained by directly by GitHub.
• On self-hosted runners, review and fix your SSH known_hosts file:
  • First, you'll find it bloated with redundant entries for github.com, as described in #106. Remove these entries.
  • Review https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/. You probably removed the old (invalid) SSH key in the previous step.
  • Configure GitHub's current SSH keys as documented on https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
  • As long as versions before v0.8.0 of this action here are run on the self-hosted runner, the old entries will come back. Keep an eye on it, possibly you'll have to rinse & repeat.

Other code changes in this release

... (truncated)

Changelog

Sourced from webfactory/ssh-agent's changelog.

v0.9.1 [2024-03-17]

Fixed

• Fix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (#235)

v0.9.0 [2024-02-06]

Changed

• Update all versions of actions/checkout to v4 (#199)
• Update to Node 20 (#201)

v0.8.0 [2023-03-24]

Changed

• No longer writing GitHub's SSH host keys to known_hosts (#171)
• Update to actions/checkout@v3 (#143)
• Allow the user to override the commands for git, ssh-agent, and ssh-add (#154)

v0.7.0 [2022-10-19]

Added

• Add the log-public-key input that can be used to turn off logging key identities (#122)

Fixed

• Fix path to git binary on Windows, assuming GitHub-hosted runners (#136, #137)
• Fix a nonsensical log message (#139)

v0.6.0 [2022-10-19]

Changed

• Update the version of Node used by the action from 12 to 16 (https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/).

Commits

• a6f90b1 Release v0.9.1
• 72c0bfd Improve documentation on why we use os.userInfo()
• e3f1a8e Acknowledge custom command inputs in cleanup.js (#235)
• b504c19 Update CHANGELOG.md
• dc588b6 Update version numbers in the README examples
• 204eb35 Bump to node20 (#201)
• 9f6f312 chore: update all versions of actions/checkout to v4 (#199)
• 2e59dd7 Remove outdated claim from README (#206)
• fd34b8d Update README.md to reflect latest version (#196)
• d4b9b8f Stop adding GitHub SSH keys (#171)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[deepin-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• debian/deepin/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[deepin-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a linuxdeepin member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.