Bump the all-actions group across 1 directory with 13 updates by dependabot[bot] · Pull Request #78 · kbukum1/dependabot-core

dependabot · 2025-01-26T16:57:52Z

Bumps the all-actions group with 13 updates in the / directory:

Package	From	To
actions/add-to-project	`1.0.1`	`1.0.2`
actions/checkout	`4.1.3`	`4.2.2`
ruby/setup-ruby	`1.176.0`	`1.213.0`
actions/setup-go	`5.0.1`	`5.3.0`
github/codeql-action	`3.24.11`	`3.28.5`
codespell-project/actions-codespell	`2.0`	`2.1`
actions/dependency-review-action	`4.3.2`	`4.5.0`
actions/create-github-app-token	`1.10.0`	`1.11.1`
sigstore/cosign-installer	`3.5.0`	`3.7.0`
ossf/scorecard-action	`2.3.3`	`2.4.0`
actions/cache	`4.0.2`	`4.2.0`
actions/upload-artifact	`4.3.3`	`4.6.0`
actions/stale	`9.0.0`	`9.1.0`

Updates actions/add-to-project from 1.0.1 to 1.0.2

Release notes

Sourced from actions/add-to-project's releases.

v1.0.2

What's Changed

build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot in actions/add-to-project#583

build(deps-dev): bump @types/node from 16.18.96 to 16.18.101 by @dependabot in actions/add-to-project#588

build(deps-dev): bump ts-jest from 29.1.2 to 29.1.5 by @dependabot in actions/add-to-project#582

build(deps-dev): bump @typescript-eslint/parser from 7.6.0 to 7.14.1 by @dependabot in actions/add-to-project#589

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.6.0 to 7.14.1 by @dependabot in actions/add-to-project#590

build(deps-dev): bump eslint-plugin-jest from 27.9.0 to 28.6.0 by @dependabot in actions/add-to-project#578

Dependabot/npm and yarn/eslint plugin jest 28.6.0 fixes by @talune in actions/add-to-project#591

Full Changelog: actions/add-to-project@v1.0.1...v1.0.2

Commits

244f685 Merge pull request #591 from actions/dependabot/npm_and_yarn/eslint-plugin-je...
2a5ef71 Build and package
8c11461 Update license for json-schema.dep.yml
66f6cff Merge pull request #578 from actions/dependabot/npm_and_yarn/eslint-plugin-je...
ddf5099 Merge pull request #590 from actions/dependabot/npm_and_yarn/typescript-eslin...
da1ae5b build(deps-dev): bump @typescript-eslint/eslint-plugin
ced87c7 Merge pull request #589 from actions/dependabot/npm_and_yarn/typescript-eslin...
c78e6a1 Merge pull request #582 from actions/dependabot/npm_and_yarn/ts-jest-29.1.5
267a19f build(deps-dev): bump @typescript-eslint/parser from 7.6.0 to 7.14.1
e005a86 Merge pull request #588 from actions/dependabot/npm_and_yarn/types/node-16.18...
Additional commits viewable in compare view

Updates actions/checkout from 4.1.3 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

v4.1.7

What's Changed

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

New Contributors

@orhantoy made their first contribution in actions/checkout#1774

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates ruby/setup-ruby from 1.176.0 to 1.213.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.213.0

Add ubuntu-22.04-arm64 and ubuntu-24.04-arm64 support.

Full Changelog: ruby/setup-ruby@v1.212.0...v1.213.0

v1.212.0

What's Changed

Update CRuby releases on Windows by @ruby-builder-bot in ruby/setup-ruby#694

Full Changelog: ruby/setup-ruby@v1.211.0...v1.212.0

v1.211.0

What's Changed

Support new windows-2025 GHA image by @MSP-Greg in ruby/setup-ruby#693

Full Changelog: ruby/setup-ruby@v1.210.0...v1.211.0

v1.210.0

What's Changed

yarn.lock - Remove @actions/core 1.10.1, use @actions/core 1.11.1 by @MSP-Greg in ruby/setup-ruby#691

Full Changelog: ruby/setup-ruby@v1.209.0...v1.210.0

v1.209.0

What's Changed

Time sensitive: upgrade @actions/cache to ^4.0.0 by @Link- in ruby/setup-ruby#688

New Contributors

@Link- made their first contribution in ruby/setup-ruby#688

Full Changelog: ruby/setup-ruby@v1.208.0...v1.209.0

v1.208.0

What's Changed

Add ruby-3.3.7 by @ruby-builder-bot in ruby/setup-ruby#685

Full Changelog: ruby/setup-ruby@v1.207.0...v1.208.0

v1.207.0

What's Changed

Update CRuby releases on Windows by @ruby-builder-bot in ruby/setup-ruby#681

Full Changelog: ruby/setup-ruby@v1.206.0...v1.207.0

v1.206.0

... (truncated)

Commits

28c4ded ubuntu-22.04-arm64 and ubuntu-24.04-arm64 support is complete
fbaef13 Add support for ubuntu-22.04-arm64 and ubuntu-24.04-arm64
f72249c Update CRuby releases on Windows
87b4893 test.yml -add windows-2025
fd2daea common.js - add windows-2025
1d54274 yarn.lock - Remove @actions/core 1.10.1, use @actions/core 1.11.1
7a63021 Workaround missing require 'logger' in Rails
8e51ba9 Upgrade @actions/cache to 4.0.0
868b3f0 Add ruby-3.3.7
4a9ddd6 Update CRuby releases on Windows
Additional commits viewable in compare view

Updates actions/setup-go from 5.0.1 to 5.3.0

Release notes

Sourced from actions/setup-go's releases.

v5.3.0

What's Changed

Use the new cache service: upgrade @actions/cache to ^4.0.0 by @Link- in actions/setup-go#531

Configure Dependabot settings by @HarithaVattikuti in actions/setup-go#530

Document update - permission section by @HarithaVattikuti in actions/setup-go#533

Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-go#534

New Contributors

@Link- made their first contribution in actions/setup-go#531

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in actions/setup-go#496

New Contributors

@Shegox made their first contribution in actions/setup-go#496

Full Changelog: actions/setup-go@v5...v5.2.0

v5.1.0

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/setup-go#500

Upgrade IA Publish by @Jcambass in actions/setup-go#502

Add architecture to cache key by @Zxilly in actions/setup-go#493 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.

Enhance workflows and Upgrade micromatch Dependency by @priyagupta108 in actions/setup-go#510

Bug Fixes

Revise isGhes logic by @jww3 in actions/setup-go#511

New Contributors

@Zxilly made their first contribution in actions/setup-go#493

@Jcambass made their first contribution in actions/setup-go#500

@jww3 made their first contribution in actions/setup-go#511

@priyagupta108 made their first contribution in actions/setup-go#510

Full Changelog: actions/setup-go@v5...v5.1.0

v5.0.2

What's Changed

Bug fixes:

Fix versions check failure by @HarithaVattikuti in actions/setup-go#479

Dependency updates:

Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by @dependabot in actions/setup-go#487

... (truncated)

Commits

f111f33 Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#534)
3d10edb Add new permission section (#533)
43e1389 Configure Dependabot settings (#530)
f81f022 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#531)
3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
9419772 Revise isGhes logic (#511)
d60b41a Merge pull request #502 from actions/Jcambass-patch-1
e09f57f Upgrade IA Publish
df1a117 Merge pull request #500 from actions/Jcambass-patch-1
Additional commits viewable in compare view

Updates github/codeql-action from 3.24.11 to 3.28.5

Release notes

Sourced from github/codeql-action's releases.

v3.28.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

See the full CHANGELOG.md for more information.

v3.28.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.3 - 22 Jan 2025

Update default CodeQL bundle version to 2.20.2. #2707

Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

See the full CHANGELOG.md for more information.

v3.28.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.2 - 21 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

Update default CodeQL bundle version to 2.20.2. #2707

Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

No user facing changes.

3.27.8 - 12 Dec 2024

Fixed an issue where streaming the download and extraction of the CodeQL bundle did not respect proxy settings. #2624

3.27.7 - 10 Dec 2024

We are rolling out a change in December 2024 that will extract the CodeQL bundle directly to the toolcache to improve performance. #2631

Update default CodeQL bundle version to 2.20.0. #2636

3.27.6 - 03 Dec 2024

... (truncated)

Commits

f6091c0 Merge pull request #2721 from github/update-v3.28.5-01f001931
064af10 Update changelog for v3.28.5
01f0019 Merge pull request #2717 from github/update-bundle/codeql-bundle-v2.20.3
573ad88 Merge pull request #2718 from github/kaeluka/4779-1
d7f3976 permissions block in query-filters.yml
428975c Add changelog note
208091d Update default bundle to codeql-bundle-v2.20.3
7e3036b Merge pull request #2716 from github/mergeback/v3.28.4-to-main-ee117c90
e32a0d6 Update checked-in dependencies
67c21e4 Update changelog and version after v3.28.4
Additional commits viewable in compare view

Updates codespell-project/actions-codespell from 2.0 to 2.1

Release notes

Sourced from codespell-project/actions-codespell's releases.

v2.1

What's Changed

Use v2 in README by @okuramasafumi in codespell-project/actions-codespell#69

Bump actions/checkout from 3 to 4 by @dependabot in codespell-project/actions-codespell#72

Bump actions/setup-python from 4 to 5 by @dependabot in codespell-project/actions-codespell#74

feat: bump to use node20 runtime by @kbdharun in codespell-project/actions-codespell#71

[pre-commit.ci] pre-commit autoupdate by @pre-commit-ci in codespell-project/actions-codespell#76

New Contributors

@okuramasafumi made their first contribution in codespell-project/actions-codespell#69

@dependabot made their first contribution in codespell-project/actions-codespell#72

@kbdharun made their first contribution in codespell-project/actions-codespell#71

@pre-commit-ci made their first contribution in codespell-project/actions-codespell#76

Full Changelog: codespell-project/actions-codespell@v2...v2.1

Commits

406322e [pre-commit.ci] pre-commit autoupdate (#76)
3174815 feat: bump to use node20 runtime (#71)
8edd9f2 Bump actions/setup-python from 4 to 5 (#74)
8dc8168 Bump actions/checkout from 3 to 4 (#72)
41170f1 Use v2 in README (#69)
See full diff in compare view

Updates actions/dependency-review-action from 4.3.2 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

Bump got from 14.4.2 to 14.4.3 by @dependabot in actions/dependency-review-action#844

Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in actions/dependency-review-action#847

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/dependency-review-action#849

Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in actions/dependency-review-action#850

fix: add summary comment on failure when warn-only: true by @ebickle in actions/dependency-review-action#827

Prepare for 4.5.0 release by @Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

@ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in actions/dependency-review-action#766

Create pull_request_template.md by @jonjanego in actions/dependency-review-action#794

Update CONTRIBUTING.md by @jonjanego in actions/dependency-review-action#793

Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in actions/dependency-review-action#815

Upgrade transitive micromatch library by @elireisman in actions/dependency-review-action#829

Do not list changed dependencies in summary by @hmaurer in actions/dependency-review-action#828

Update stale.yaml by @jonjanego in actions/dependency-review-action#832

Bump got from 14.4.1 to 14.4.2 by @dependabot in actions/dependency-review-action#822

Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

@louis-bompart made their first contribution in actions/dependency-review-action#766

@Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

What's Changed

Include all added dependencies in scorecard entries by @elireisman in actions/dependency-review-action#783

Update SPDX Expression Parsing by @febuiles in actions/dependency-review-action#719

This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

Notes for v4.3.3

What's Changed

Allow slashes in purl package names by @juxtin in actions/dependency-review-action#765

... (truncated)

Commits

3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
d6807b6 updating generated code
c89b41f addressing lint issues
eee97d8 incrementing project version
9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
2fc8e23 Using cross-spawn safe version
fb86db2 fix: resolve race conditions in async core.group calls
0a198ab fix: replace integer failureCount with boolean
fc499fc Merge branch 'main' into fix/comment-warn-only
Additional commits viewable in compare view

Updates actions/create-github-app-token from 1.10.0 to 1.11.1

Release notes

Sourced from actions/create-github-app-token's releases.

v1.11.1

What's Changed

Bug Fixes

deps: bump the production-dependencies group across 1 directory with 3 updates by @dependabot in actions/create-github-app-token#193

Full Changelog: actions/create-github-app-token@v1.11.0...v1.11.1

v1.11.0

What's Changed

Features

Allow repositories input to be comma or newline-separated by @peter-evans in actions/create-github-app-token#169

New Contributors

@peter-evans made their first contribution in actions/create-github-app-token#169

Full Changelog: actions/create-github-app-token@v1.10.4...v1.11.0

v1.10.4

What's Changed

build(deps-dev): bump the development-dependencies group with 4 updates by @dependabot in actions/create-github-app-token#150

docs(README): fix the git committer string and Configure git CLI examples by @maboloshi in actions/create-github-app-token#151

docs(readme): document how a Base64 private key could be decoded by @vleon1a in actions/create-github-app-token#155

test: fix test file extensions and inputs for repositories by @parkerbxyz in actions/create-github-app-token#161

build(deps-dev): bump the development-dependencies group across 1 directory with 4 updates by @dependabot in actions/create-github-app-token#167

Bug Fixes

bump the production-dependencies group across 1 directory with 3 updates by @dependabot in actions/create-github-app-token#166

New Contributors

@vleon1a made their first contribution in actions/create-github-app-token#155

Full Changelog: actions/create-github-app-token@v1.10.3...v1.10.4

v1.10.3

What's Changed

docs(README): fix committer string example and add git config example by @anuraaga in actions/create-github-app-token#145

Bug Fixes

fix(deps): bump undici from 6.18.2 to 6.19.2 in the production-dependencies group by @dependabot in actions/create-github-app-token#149

... (truncated)

Commits

c1a2851 build(release): 1.11.1 [skip ci]
fa6118c fix(deps): bump the production-dependencies group across 1 directory with 3 u...
ae140fa build(deps): bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#180)
c84b152 build(deps-dev): bump the development-dependencies group across 1 directory w...
26a5f36 ci(dependabot): only group minor and patch updates (#192)
6f99576 docs(README): fix typo (#186)
25cc3bd refactor: remove redundant API call (#175)
a2c2dfa build(deps-dev): bump the development-dependencies group with 3 updates (#174)
349e62c ci(release): add workflow file for publishing releases to immutable action pa...
5d869da build(release): 1.11.0 [skip ci]
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.5.0 to 3.7.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v3.7.0

What's Changed

Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in sigstore/cosign-installer#172

bump for latest cosign v2.4.1 release by @bobcallaway in sigstore/cosign-installer#173

Full Changelog: sigstore/cosign-installer@v3.6.0...v3.7.0

v3.6.0

What's Changed

Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in sigstore/cosign-installer#161

Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in sigstore/cosign-installer#162

Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in sigstore/cosign-installer#163

Bump actions/checkout from 4.1.4 to 4.1.5 by @dependabot in sigstore/cosign-installer#164

Bump actions/checkout from 4.1.5 ...
Description has been truncated

Bumps the all-actions group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/add-to-project](https://github.com/actions/add-to-project) | `1.0.1` | `1.0.2` | | [actions/checkout](https://github.com/actions/checkout) | `4.1.3` | `4.2.2` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.176.0` | `1.213.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.0.1` | `5.3.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.24.11` | `3.28.5` | | [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) | `2.0` | `2.1` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.3.2` | `4.5.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `1.10.0` | `1.11.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.5.0` | `3.7.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` | | [actions/cache](https://github.com/actions/cache) | `4.0.2` | `4.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.6.0` | | [actions/stale](https://github.com/actions/stale) | `9.0.0` | `9.1.0` | Updates `actions/add-to-project` from 1.0.1 to 1.0.2 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](actions/add-to-project@9bfe908...244f685) Updates `actions/checkout` from 4.1.3 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.3...11bd719) Updates `ruby/setup-ruby` from 1.176.0 to 1.213.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@cacc9f1...28c4ded) Updates `actions/setup-go` from 5.0.1 to 5.3.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@cdcb360...f111f33) Updates `github/codeql-action` from 3.24.11 to 3.28.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.24.11...f6091c0) Updates `codespell-project/actions-codespell` from 2.0 to 2.1 - [Release notes](https://github.com/codespell-project/actions-codespell/releases) - [Commits](codespell-project/actions-codespell@94259cd...406322e) Updates `actions/dependency-review-action` from 4.3.2 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@0c155c5...3b139cf) Updates `actions/create-github-app-token` from 1.10.0 to 1.11.1 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@a0de6af...c1a2851) Updates `sigstore/cosign-installer` from 3.5.0 to 3.7.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@59acb62...dc72c7d) Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@dc50aa9...62b2cac) Updates `actions/cache` from 4.0.2 to 4.2.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0c45773...1bd1e32) Updates `actions/upload-artifact` from 4.3.3 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@6546280...65c4c4a) Updates `actions/stale` from 9.0.0 to 9.1.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@28ca103...5bef64f) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: ruby/setup-ruby dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: codespell-project/actions-codespell dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/create-github-app-token dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-02-02T16:42:51Z

Superseded by #85.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 26, 2025

dependabot Bot closed this Feb 2, 2025

dependabot Bot deleted the dependabot/github_actions/all-actions-a592919818 branch February 2, 2025 16:42

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-actions group across 1 directory with 13 updates#78

Bump the all-actions group across 1 directory with 13 updates#78
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/all-actions-a592919818

dependabot Bot commented on behalf of github Jan 26, 2025 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github Feb 2, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jan 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.0.2

What's Changed

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

v4.1.7

What's Changed

New Contributors

v4.1.6

What's Changed

v4.1.5

What's Changed

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v1.213.0

v1.212.0

What's Changed

v1.211.0

What's Changed

v1.210.0

What's Changed

v1.209.0

What's Changed

New Contributors

v1.208.0

What's Changed

v1.207.0

What's Changed

v1.206.0

v5.3.0

What's Changed

New Contributors

v5.2.0

What's Changed

New Contributors

v5.1.0

What's Changed

New Contributors

v5.0.2

What's Changed

Bug fixes:

Dependency updates:

v3.28.5

CodeQL Action Changelog

3.28.5 - 24 Jan 2025

v3.28.4

CodeQL Action Changelog

3.28.4 - 23 Jan 2025

v3.28.3

CodeQL Action Changelog

3.28.3 - 22 Jan 2025

v3.28.2

CodeQL Action Changelog

3.28.2 - 21 Jan 2025

v3.28.1

CodeQL Action Changelog

CodeQL Action Changelog

[UNRELEASED]

3.28.5 - 24 Jan 2025

3.28.4 - 23 Jan 2025

3.28.3 - 22 Jan 2025

3.28.2 - 21 Jan 2025

dependabot Bot commented on behalf of github Jan 26, 2025 •

edited

Loading