chore(deps): Bump the github-actions group with 5 updates by dependabot[bot] · Pull Request #3 · hyperpolymath/aerie

dependabot · 2026-03-03T21:52:07Z

Bumps the github-actions group with 5 updates:

Package	From	To
actions/checkout	`6.0.1`	`6.0.2`
erlef/setup-beam	`1.17.5`	`1.21.0`
actions/github-script	`7.0.1`	`8.0.0`
dtolnay/rust-toolchain	`f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561`	`efa25f7f19611383d5b0ccf2d1c8914531636bf9`
trufflesecurity/trufflehog	`3.92.5`	`3.93.6`

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
See full diff in compare view

Updates erlef/setup-beam from 1.17.5 to 1.21.0

Release notes

Sourced from erlef/setup-beam's releases.

v1.21.0

What's Changed

Bump eslint from 9.30.1 to 9.31.0 by @dependabot[bot] in erlef/setup-beam#365

Bump csv-parse from 5.6.0 to 6.0.0 by @dependabot[bot] in erlef/setup-beam#364

Bump @eslint/js from 9.30.1 to 9.31.0 by @dependabot[bot] in erlef/setup-beam#363

Bump csv-parse from 6.0.0 to 6.1.0 by @dependabot[bot] in erlef/setup-beam#366

Allow for Windows'25 container by @essen in erlef/setup-beam#388

Bump raven-actions/actionlint from 2.0.1 to 2.1.0 by @dependabot[bot] in erlef/setup-beam#401

Bump actions/setup-node from 4.4.0 to 6.1.0 by @dependabot[bot] in erlef/setup-beam#400

Bump js-yaml from 4.1.0 to 4.1.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in erlef/setup-beam#396

Bump eslint from 9.31.0 to 9.38.0 by @dependabot[bot] in erlef/setup-beam#394

Bump shellcheck from 3.1.0 to 4.1.0 by @dependabot[bot] in erlef/setup-beam#376

Bump globals from 16.3.0 to 16.4.0 by @dependabot[bot] in erlef/setup-beam#383

Bump @vercel/ncc from 0.38.3 to 0.38.4 by @dependabot[bot] in erlef/setup-beam#387

Improve output (around "Requested ... version") when we know input by @paulo-ferraz-oliveira in erlef/setup-beam#368

Bump actions/checkout from 4.2.2 to 6.0.1 by @dependabot[bot] in erlef/setup-beam#399

Bump the npm_and_yarn group across 1 directory with 2 updates by @dependabot[bot] in erlef/setup-beam#403

Bump @eslint/js from 9.31.0 to 9.38.0 by @dependabot[bot] in erlef/setup-beam#393

New Contributors

@essen made their first contribution in erlef/setup-beam#388

Full Changelog: erlef/setup-beam@v1...v1.21.0

v1.20.4

What's Changed

Fix: more versioning around nightly and maint/main by @paulo-ferraz-oliveira in erlef/setup-beam#359

Dependabot updates

Bump eslint from 9.30.0 to 9.30.1 by @dependabot in erlef/setup-beam#362

Bump @eslint/js from 9.30.0 to 9.30.1 by @dependabot in erlef/setup-beam#360

Bump globals from 16.2.0 to 16.3.0 by @dependabot in erlef/setup-beam#361

Full Changelog: erlef/setup-beam@v1.20.3...v1.20.4

v1.20.3

What's Changed

Handle .tool-versions' line break on Windows by @paulo-ferraz-oliveira in erlef/setup-beam#357

Full Changelog: erlef/setup-beam@v1.20...v1.20.3

v1.20.2

What's Changed

Test for updated doc. on latest / ranges / -rc by @paulo-ferraz-oliveira in erlef/setup-beam#349

Bump eslint from 9.29.0 to 9.30.0 by @dependabot in erlef/setup-beam#354

Bump prettier from 3.6.0 to 3.6.2 by @dependabot in erlef/setup-beam#353

Bump @eslint/js from 9.29.0 to 9.30.0 by @dependabot in erlef/setup-beam#352

Fix calculating -otp- major for Elixir by @paulo-ferraz-oliveira in erlef/setup-beam#351

... (truncated)

Commits

3580539 Automation: update setup-beam version output to fe5485f
fe5485f Bump @eslint/js from 9.31.0 to 9.38.0 (#393)
98de8ff Automation: update setup-beam version output to 6c5fe27
6c5fe27 Bump the npm_and_yarn group across 1 directory with 2 updates (#403)
36214a4 Automation: update setup-beam version output to 972bec8
972bec8 Bump actions/checkout from 4.2.2 to 6.0.1 (#399)
10e9985 Automation: update setup-beam version output to 542d9a8
542d9a8 Improve output (around "Requested ... version") when we know input (#368)
b764149 Automation: update setup-beam version output to cba803d
cba803d Bump @vercel/ncc from 0.38.3 to 0.38.4 (#387)
Additional commits viewable in compare view

Updates actions/github-script from 7.0.1 to 8.0.0

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

Update Node.js version support to 24.x by @salmanmkc in actions/github-script#637

README for updating actions/github-script from v7 to v8 by @sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

@salmanmkc made their first contribution in actions/github-script#637

@sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

Upgrade husky to v9 by @benelan in actions/github-script#482

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/github-script#485

Upgrade IA Publish by @Jcambass in actions/github-script#486

Fix workflow status badges by @joshmgross in actions/github-script#497

Update usage of actions/upload-artifact by @joshmgross in actions/github-script#512

Clear up package name confusion by @joshmgross in actions/github-script#514

Update dependencies with npm audit fix by @joshmgross in actions/github-script#515

Specify that the used script is JavaScript by @timotk in actions/github-script#478

chore: Add Dependabot for NPM and Actions by @nschonni in actions/github-script#472

Define permissions in workflows and update actions by @joshmgross in actions/github-script#531

chore: Add Dependabot for .github/actions/install-dependencies by @nschonni in actions/github-script#532

chore: Remove .vscode settings by @nschonni in actions/github-script#533

ci: Use github/setup-licensed by @nschonni in actions/github-script#473

make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @iamstarkov in actions/github-script#508

Remove octokit README updates for v7 by @joshmgross in actions/github-script#557

docs: add "exec" usage examples by @neilime in actions/github-script#546

Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @dependabot[bot] in actions/github-script#563

Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @dependabot[bot] in actions/github-script#575

Clearly document passing inputs to the script by @joshmgross in actions/github-script#603

Update README.md by @nebuk89 in actions/github-script#610

New Contributors

@benelan made their first contribution in actions/github-script#482

@Jcambass made their first contribution in actions/github-script#485

@timotk made their first contribution in actions/github-script#478

@iamstarkov made their first contribution in actions/github-script#508

@neilime made their first contribution in actions/github-script#546

@nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

Commits

ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
2dc352e Bold minimum Actions Runner version in README
01e118c Update README for Node 24 runtime requirements
8b222ac Apply suggestion from @salmanmkc
adc0eea README for updating actions/github-script from v7 to v8
20fe497 Merge pull request #637 from actions/node24
e7b7f22 update licenses
2c81ba0 Update Node.js version support to 24.x
f28e40c Merge pull request #610 from actions/nebuk89-patch-1
1ae9958 Update README.md
Additional commits viewable in compare view

Updates dtolnay/rust-toolchain from f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 to efa25f7f19611383d5b0ccf2d1c8914531636bf9

Commits

efa25f7 Add 1.93.1 patch release
See full diff in compare view

Updates trufflesecurity/trufflehog from 3.92.5 to 3.93.6

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.93.6

What's Changed

GH_TOKEN needed for gh by @bill-rich in trufflesecurity/trufflehog#4772

Move verify flag into detectableChunk by @rosecodym in trufflesecurity/trufflehog#4558

Full Changelog: trufflesecurity/trufflehog@v3.93.5...v3.93.6

v3.93.5

What's Changed

Add workspace_id to Slack Continuous metadata by @mariduv in trufflesecurity/trufflehog#4749

fix(release): Disable docker provenance feature by @mariduv in trufflesecurity/trufflehog#4752

Base64 decoding depth assessment by @dxa4481 in trufflesecurity/trufflehog#4744

[INS-246] Add Google Gemini API key detector by @mustansir14 in trufflesecurity/trufflehog#4649

Refactor log package by @mcastorina in trufflesecurity/trufflehog#4734

[INS-309]updated google api version to v0.259.0 by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4736

fix(ftp): set read deadline on connection to prevent indefinite hang by @dylanTruffle in trufflesecurity/trufflehog#4759

added rotation on 403s access_refused, this detector considered them indeterminate failures by @jordanTunstill in trufflesecurity/trufflehog#4740

[INS-283] Support following symlinks in filesystem source by @MuneebUllahKhan222 in trufflesecurity/trufflehog#4742

Fix typos in comments in json-enumerator source by @bradlarsen in trufflesecurity/trufflehog#4764

Fix race condition in release process by @bill-rich in trufflesecurity/trufflehog#4766

Full Changelog: trufflesecurity/trufflehog@v3.93.4...v3.93.5

v3.93.4

What's Changed

Add a new NDJSON / JSONL input source by @bradlarsen in trufflesecurity/trufflehog#4721

Fix typo in CODEOWNERS for pkg/analyzer by @shahzadhaider1 in trufflesecurity/trufflehog#4748

Pre-allocate anthropic analyzer bindings slice capacity with zero length by @kashifkhan0771 in trufflesecurity/trufflehog#4746

Made indeterminate error for JWT detector determinate by @jordanTunstill in trufflesecurity/trufflehog#4745

Optimize the regex pattern in the artifactory access token detector by @shahzadhaider1 in trufflesecurity/trufflehog#4685

Full Changelog: trufflesecurity/trufflehog@v3.93.3...v3.93.4

v3.93.3

What's Changed

OpenAI Admin Key Detector by @amanfcp in trufflesecurity/trufflehog#4689

Full Changelog: trufflesecurity/trufflehog@v3.93.2...v3.93.3

v3.93.2

What's Changed

Fix pre-receive hook hangs and missing logs by flushing logs on signal and using CommandContext for git commands by @jordanTunstill in trufflesecurity/trufflehog#4714

[INS-285] Fix custom detectors line number reporting to match the full regex instead of capture group by @mustansir14 in trufflesecurity/trufflehog#4697

Full Changelog: trufflesecurity/trufflehog@v3.93.1...v3.93.2

... (truncated)

Commits

041f07e Move verify flag into detectableChunk (#4558)
e976603 GH_TOKEN needed for gh (#4772)
7cdc7ef Fix race condition in release process (#4766)
4f1d07f Fix typos in comments in json-enumerator source (#4764)
4563dde [INS-283] Support following symlinks in filesystem source (#4742)
be889fa added rotation on 403s access_refused, this detector considered them indeterm...
e3cbb3a fix(ftp): set read deadline on connection to prevent indefinite hang (#4759)
0de5855 [INS-309]updated google api version to v0.259.0 (#4736)
ec1d9a6 Refactor log package (#4734)
7c84b27 [INS-246] Add Google Gemini API key detector (#4649)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [erlef/setup-beam](https://github.com/erlef/setup-beam) | `1.17.5` | `1.21.0` | | [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `8.0.0` | | [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `efa25f7f19611383d5b0ccf2d1c8914531636bf9` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.92.5` | `3.93.6` | Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@8e8c483...de0fac2) Updates `erlef/setup-beam` from 1.17.5 to 1.21.0 - [Release notes](https://github.com/erlef/setup-beam/releases) - [Commits](erlef/setup-beam@2f0cc07...3580539) Updates `actions/github-script` from 7.0.1 to 8.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@60a0d83...ed59741) Updates `dtolnay/rust-toolchain` from f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 to efa25f7f19611383d5b0ccf2d1c8914531636bf9 - [Release notes](https://github.com/dtolnay/rust-toolchain/releases) - [Commits](dtolnay/rust-toolchain@f7ccc83...efa25f7) Updates `trufflesecurity/trufflehog` from 3.92.5 to 3.93.6 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@116e717...041f07e) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: erlef/setup-beam dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dtolnay/rust-toolchain dependency-version: efa25f7f19611383d5b0ccf2d1c8914531636bf9 dependency-type: direct:production dependency-group: github-actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.93.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

sonarqubecloud · 2026-03-03T21:56:57Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 3, 2026

dependabot Bot requested a review from hyperpolymath as a code owner March 3, 2026 21:52

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 3, 2026

hyperpolymath approved these changes Mar 3, 2026

View reviewed changes

hyperpolymath merged commit 4b83d98 into main Mar 3, 2026
12 of 19 checks passed

dependabot Bot deleted the dependabot/github_actions/github-actions-d886cbd7e2 branch March 3, 2026 21:53

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): Bump the github-actions group with 5 updates#3

chore(deps): Bump the github-actions group with 5 updates#3
hyperpolymath merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-d886cbd7e2

dependabot Bot commented on behalf of github Mar 3, 2026

Uh oh!

Uh oh!

sonarqubecloud Bot commented Mar 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Mar 3, 2026

v6.0.2

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v1.21.0

What's Changed

New Contributors

v1.20.4

What's Changed

Dependabot updates

v1.20.3

What's Changed

v1.20.2

What's Changed

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

New Contributors

v7.1.0

What's Changed

New Contributors

v3.93.6

What's Changed

v3.93.5

What's Changed

v3.93.4

What's Changed

v3.93.3

What's Changed

v3.93.2

What's Changed

Uh oh!

Uh oh!

sonarqubecloud Bot commented Mar 3, 2026

Quality Gate passed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant