Bump the all-actions group with 15 updates by dependabot[bot] · Pull Request #24 · JaclynCodes/dependabot-core

dependabot · 2026-01-28T22:11:16Z

Bumps the all-actions group with 15 updates:

Package	From	To
actions/checkout	`4.2.2`	`6.0.2`
tj-actions/changed-files	`46.0.5`	`47.0.1`
ruby/setup-ruby	`1.247.0`	`1.286.0`
actions/setup-go	`5.5.0`	`6.2.0`
github/codeql-action	`3.29.3`	`4.32.0`
codespell-project/actions-codespell	`2.1`	`2.2`
actions/dependency-review-action	`4.7.1`	`4.8.2`
actions/create-github-app-token	`2.0.6`	`2.2.1`
sigstore/cosign-installer	`3.9.2`	`4.0.0`
docker/login-action	`3.4.0`	`3.7.0`
actions/labeler	`5.0.0`	`6.0.1`
ossf/scorecard-action	`2.4.2`	`2.4.3`
actions/cache	`4.2.3`	`5.0.2`
actions/upload-artifact	`4.6.2`	`6.0.0`
actions/stale	`9.1.0`	`10.1.1`

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates tj-actions/changed-files from 46.0.5 to 47.0.1

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.1

What's Changed

Upgraded to v47 by @github-actions[bot] in tj-actions/changed-files#2663

chore(deps-dev): bump @types/node from 24.3.1 to 24.4.0 by @dependabot[bot] in tj-actions/changed-files#2664

chore(deps-dev): bump ts-jest from 29.4.1 to 29.4.3 by @dependabot[bot] in tj-actions/changed-files#2671

chore(deps-dev): bump @vercel/ncc from 0.38.3 to 0.38.4 by @dependabot[bot] in tj-actions/changed-files#2670

chore(deps-dev): bump @types/uuid from 10.0.0 to 11.0.0 by @dependabot[bot] in tj-actions/changed-files#2668

chore(deps-dev): bump @types/node from 24.4.0 to 24.5.2 by @dependabot[bot] in tj-actions/changed-files#2669

chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 by @dependabot[bot] in tj-actions/changed-files#2675

chore(deps-dev): bump ts-jest from 29.4.3 to 29.4.4 by @dependabot[bot] in tj-actions/changed-files#2672

chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 by @dependabot[bot] in tj-actions/changed-files#2676

chore(deps-dev): bump jest from 30.1.3 to 30.2.0 by @dependabot[bot] in tj-actions/changed-files#2677

chore(deps-dev): bump @types/node from 24.5.2 to 24.6.1 by @dependabot[bot] in tj-actions/changed-files#2679

chore(deps-dev): bump @types/node from 24.6.1 to 24.6.2 by @dependabot[bot] in tj-actions/changed-files#2681

chore(deps): bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in tj-actions/changed-files#2680

chore(deps-dev): bump @types/node from 24.6.2 to 24.9.1 by @dependabot[bot] in tj-actions/changed-files#2695

chore(deps): bump github/codeql-action from 3.30.6 to 4.30.9 by @dependabot[bot] in tj-actions/changed-files#2693

chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 by @dependabot[bot] in tj-actions/changed-files#2690

chore(deps): bump github/codeql-action from 4.30.9 to 4.31.2 by @dependabot[bot] in tj-actions/changed-files#2702

chore(deps-dev): bump @types/node from 24.9.1 to 24.9.2 by @dependabot[bot] in tj-actions/changed-files#2700

chore(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in tj-actions/changed-files#2698

chore(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in tj-actions/changed-files#2697

chore(deps-dev): bump @types/micromatch from 4.0.9 to 4.0.10 by @dependabot[bot] in tj-actions/changed-files#2699

chore(deps-dev): bump ts-jest from 29.4.4 to 29.4.5 by @dependabot[bot] in tj-actions/changed-files#2688

chore(deps-dev): bump @types/node from 24.9.2 to 24.10.0 by @dependabot[bot] in tj-actions/changed-files#2707

chore(deps): bump @octokit/rest from 22.0.0 to 22.0.1 by @dependabot[bot] in tj-actions/changed-files#2705

chore(deps-dev): bump eslint-plugin-jest from 29.0.1 to 29.1.0 by @dependabot[bot] in tj-actions/changed-files#2710

chore(deps-dev): bump @types/node from 24.10.0 to 24.10.1 by @dependabot[bot] in tj-actions/changed-files#2711

chore(deps): bump github/codeql-action from 4.31.2 to 4.31.4 by @dependabot[bot] in tj-actions/changed-files#2715

chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in tj-actions/changed-files#2714

chore(deps): bump nrwl/nx-set-shas from 4.3.3 to 4.4.0 by @dependabot[bot] in tj-actions/changed-files#2712

chore(deps-dev): bump prettier from 3.6.2 to 3.7.1 by @dependabot[bot] in tj-actions/changed-files#2722

chore(deps): bump github/codeql-action from 4.31.4 to 4.31.5 by @dependabot[bot] in tj-actions/changed-files#2720

chore(deps-dev): bump eslint-plugin-jest from 29.1.0 to 29.2.1 by @dependabot[bot] in tj-actions/changed-files#2719

chore(deps-dev): bump @types/lodash from 4.17.20 to 4.17.21 by @dependabot[bot] in tj-actions/changed-files#2718

chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 by @dependabot[bot] in tj-actions/changed-files#2717

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2723

chore(deps): bump yaml from 2.8.1 to 2.8.2 by @dependabot[bot] in tj-actions/changed-files#2724

chore(deps-dev): bump @types/node from 24.10.1 to 25.0.0 by @dependabot[bot] in tj-actions/changed-files#2738

chore(deps): bump @actions/exec from 1.1.1 to 2.0.0 by @dependabot[bot] in tj-actions/changed-files#2737

chore(deps-dev): bump ts-jest from 29.4.5 to 29.4.6 by @dependabot[bot] in tj-actions/changed-files#2727

chore(deps): bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 by @dependabot[bot] in tj-actions/changed-files#2735

chore(deps): bump github/codeql-action from 4.31.5 to 4.31.7 by @dependabot[bot] in tj-actions/changed-files#2732

chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 by @dependabot[bot] in tj-actions/changed-files#2730

chore(deps-dev): bump prettier from 3.7.1 to 3.7.4 by @dependabot[bot] in tj-actions/changed-files#2731

chore(deps): bump @actions/core from 1.11.1 to 2.0.0 by @dependabot[bot] in tj-actions/changed-files#2736

chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in tj-actions/changed-files#2729

Full Changelog: tj-actions/changed-files@v47...v47.0.1

... (truncated)

Commits

e002140 chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 (#2729)
01ddfae chore(deps): bump @actions/core from 1.11.1 to 2.0.0 (#2736)
a364493 chore(deps-dev): bump prettier from 3.7.1 to 3.7.4 (#2731)
45a2aae chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 (#2730)
a4f6de3 chore(deps): bump github/codeql-action from 4.31.5 to 4.31.7 (#2732)
95fbe9b chore(deps): bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 (#2735)
b3b9724 chore(deps-dev): bump ts-jest from 29.4.5 to 29.4.6 (#2727)
503bc3e chore(deps): bump @actions/exec from 1.1.1 to 2.0.0 (#2737)
3e9e5a2 chore(deps-dev): bump @types/node from 24.10.1 to 25.0.0 (#2738)
2b6c719 chore(deps): bump yaml from 2.8.1 to 2.8.2 (#2724)
Additional commits viewable in compare view

Updates ruby/setup-ruby from 1.247.0 to 1.286.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.286.0

What's Changed

Add truffleruby-33.0.1,truffleruby+graalvm-33.0.1 by @ruby-builder-bot in ruby/setup-ruby#864

Full Changelog: ruby/setup-ruby@v1.285.0...v1.286.0

v1.285.0

What's Changed

Convert to String earlier in generate-windows-versions.rb by @eregon in ruby/setup-ruby#862

Update all dependencies to latest by @eregon in ruby/setup-ruby#863

Full Changelog: ruby/setup-ruby@v1.284.0...v1.285.0

v1.284.0

What's Changed

Fix compatibility to ruby-3.2 by @larskanis in ruby/setup-ruby#861

Full Changelog: ruby/setup-ruby@v1.283.0...v1.284.0

v1.283.0

What's Changed

Add restriction and validation for download urls by @ntkme in ruby/setup-ruby#856

Add ruby-3.2.10 by @ruby-builder-bot in ruby/setup-ruby#860

Full Changelog: ruby/setup-ruby@v1.282.0...v1.283.0

v1.282.0

What's Changed

Add ruby-4.0.1 by @ruby-builder-bot in ruby/setup-ruby#859

Full Changelog: ruby/setup-ruby@v1.281.0...v1.282.0

v1.281.0

What's Changed

Generate test matrix dynamically by @ntkme in ruby/setup-ruby#854

Add truffleruby-33.0.0,truffleruby+graalvm-33.0.0 by @ruby-builder-bot in ruby/setup-ruby#857

Full Changelog: ruby/setup-ruby@v1.280.0...v1.281.0

v1.280.0

What's Changed

Test ruby 4.0 on windows by @ntkme in ruby/setup-ruby#853

Add token input for downloading release assets by @TingluoHuang in ruby/setup-ruby#851

... (truncated)

Commits

90be115 Add truffleruby-33.0.1,truffleruby+graalvm-33.0.1
e69dcf3 Update all dependencies to latest
9f55308 Convert to String earlier in generate-windows-versions.rb
80740b3 Add new RubyInstaller releases 4.0.1-1 and 3.2.10-1
5fcbc91 Fix compatibility to ruby-3.2
708024e Add ruby-3.2.10
757ecf5 Give a proper name to CI jobs checking generated files
6963d48 Use Regexp.escape to not need to manually escape (error-prone)
3fc6249 Match more strictly with \A and \z
b939495 Add restriction and validation for download urls
Additional commits viewable in compare view

Updates actions/setup-go from 5.5.0 to 6.2.0

Release notes

Sourced from actions/setup-go's releases.

v6.2.0

What's Changed

Enhancements

Example for restore-only cache in documentation by @aparnajyothi-y in actions/setup-go#696

Update Node.js version in action.yml by @ccoVeille in actions/setup-go#691

Documentation update of actions/checkout by @deining in actions/setup-go#683

Dependency updates

Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot in actions/setup-go#682

Upgrade @actions/cache to v5 by @salmanmkc in actions/setup-go#695

Upgrade actions/checkout from 5 to 6 by @dependabot in actions/setup-go#686

Upgrade qs from 6.14.0 to 6.14.1 by @dependabot in actions/setup-go#703

New Contributors

@ccoVeille made their first contribution in actions/setup-go#691

@deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in actions/setup-go#665

Add support for .tool-versions file and update workflow by @priya-kinthali in actions/setup-go#673

Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in actions/setup-go#674

Dependency updates

Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @dependabot in actions/setup-go#617

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in actions/setup-go#641

Upgrade semver and @types/semver by @dependabot in actions/setup-go#652

New Contributors

@nicholasngai made their first contribution in actions/setup-go#665

@priya-kinthali made their first contribution in actions/setup-go#673

@mahabaleshwars made their first contribution in actions/setup-go#674

Full Changelog: actions/setup-go@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in actions/setup-go#460

Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

... (truncated)

Commits

7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
bf7446a Bump js-yaml from 3.14.1 to 3.14.2 (#682)
02aadfe Fix Node.js version in action.yml (#691)
4aaadf4 Example for restore-only cache in documentation (#696)
4dc6199 Bump semver and @types/semver (#652)
f3787be Add comprehensive breaking changes documentation for v6 (#674)
3a0c2c8 Bump actions/publish-action from 0.3.0 to 0.4.0 (#641)
Additional commits viewable in compare view

Updates github/codeql-action from 3.29.3 to 4.32.0

Release notes

Sourced from github/codeql-action's releases.

v4.32.0

Update default CodeQL bundle version to 2.24.0. #3425

v4.31.11

When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409

Improved error handling throughout the CodeQL Action. #3415

Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318

The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

v4.31.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.10 - 12 Jan 2026

Update default CodeQL bundle version to 2.23.9. #3393

See the full CHANGELOG.md for more information.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.32.0 - 26 Jan 2026

Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409

Improved error handling throughout the CodeQL Action. #3415

Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318

The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.

... (truncated)

Commits

b20883b Merge pull request #3428 from github/update-v4.32.0-e3b8227a2
c9aa45d Update changelog for v4.32.0
e3b8227 Merge pull request #3427 from github/henrymercer/bump-for-new-minor-series
8a01181 Compare minor version number
80e1425 Bump minor version for CLI v2.24.0
b748848 Bump the Action minor version number on new CodeQL minor version series
5e767ef Merge pull request #3425 from github/update-bundle/codeql-bundle-v2.24.0
9752869 Add changelog note
c62c214 Update default bundle to codeql-bundle-v2.24.0
25a224b Merge pull request #3423 from github/mbg/ci/yq-windows
Additional commits viewable in compare view

Updates codespell-project/actions-codespell from 2.1 to 2.2

Release notes

Sourced from codespell-project/actions-codespell's releases.

v2.2

What's Changed

Add the config file option and tests by @rdimaio in codespell-project/actions-codespell#80

Use pip install with --no-cache-dir in the Dockerfile by @PeterDaveHello in codespell-project/actions-codespell#89

Upgrade to Python 3.13 by @candrews in codespell-project/actions-codespell#82

Add checkout action and problem matcher to README by @vadi2 in codespell-project/actions-codespell#32

New Contributors

@rdimaio made their first contribution in codespell-project/actions-codespell#80

@PeterDaveHello made their first contribution in codespell-project/actions-codespell#89

@candrews made their first contribution in codespell-project/actions-codespell#82

@vadi2 made their first contribution in codespell-project/actions-codespell#32

Full Changelog: codespell-project/actions-codespell@v2...v2.2

Commits

8f01853 MAINT: Release notes
23a4abe Add checkout action and problem matcher to README (#32)
906f13f Upgrade to Python 3.13 (#82)
df0bba3 [pre-commit.ci] pre-commit autoupdate (#85)
c460eef Use pip install with --no-cache-dir in the Dockerfile (#89)
037a23a Add the config file option and tests (#80)
8d1a4b1 Bump actions/setup-python from 5 to 6 (#92)
71286cb Bump actions/checkout from 4 to 5 (#91)
fad9339 [pre-commit.ci] pre-commit autoupdate (#84)
See full diff in compare view

Updates actions/dependency-review-action from 4.7.1 to 4.8.2

Release notes

Sourced from actions/dependency-review-action's releases.

v4.8.2

Minor fixes:

Fix PURL parsing for scoped packages (#1008 from @danielhardej)

Fix for large summaries (#1007 from @gitulisca)

README includes a working example for allow-dependencies-licenses (#1009 from @danielhardej)

Dependency Review Action v4.8.1

What's Changed

(bug) Fix spamming link test in deprecation warning (again) by @ahpook in actions/dependency-review-action#1000

Bump version for 4.8.1 release by @ahpook in actions/dependency-review-action#1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

What's Changed

Make Ruby Code Scannable by @ljones140 in actions/dependency-review-action#978

Batch some contributions for release by @brrygrdn in actions/dependency-review-action#986

Make license lists collapsable by @jasperkamerling

feat: add large summary handling with artifact upload by @MattMencel

New Contributors

@ljones140 made their first contribution in actions/dependency-review-action#978

@jasperkamerling made their first contribution in actions/dependency-review-action#986

@MattMencel made their first contribution in actions/dependency-review-action#986

Full Changelog: actions/dependency-review-action@v4...v4.8.0

4.7.3

What's Changed

Add explicit permissions to workflow files by @AshelyTC in actions/dependency-review-action#966

Claire153/fix spamming mentioned issue by @claire153 in actions/dependency-review-action#974

Full Changelog: actions/dependency-review-action@v4...v4.7.3

4.7.2

What's Changed

Add Missing Languages to CodeQL Advanced Configuration by @KyFaSt in actions/dependency-review-action#945

Deprecate deny lists by @claire153 in actions/dependency-review-action#958

Address discrepancy between docs and reality by @ahpook in actions/dependency-review-action#960

New Contributors

@KyFaSt made their first contribution in actions/dependency-review-action#945

@claire153 made their first contribution in actions/dependency-review-action#958

@ahpook made their first contribution in actions/dependency-review-action#960

Full Changelog: actions/dependency-review-action@v4...v4.7.2

Commits

3c4e3dc Merge pull request #1016 from actions/dra-release
02930b2 Update CONTRIBUTING to reflect new guidelines

coderabbitai · 2026-01-28T22:11:28Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

🔍 Trigger a full review

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

cubic-dev-ai

No issues found across 15 files

Bumps the all-actions group with 15 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.5` | `47.0.1` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.247.0` | `1.286.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.3` | `4.32.0` | | [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) | `2.1` | `2.2` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.1` | `4.8.2` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.0.6` | `2.2.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.9.2` | `4.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.7.0` | | [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.0.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `5.0.2` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` | | [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.1.1` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@11bd719...de0fac2) Updates `tj-actions/changed-files` from 46.0.5 to 47.0.1 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@ed68ef8...e002140) Updates `ruby/setup-ruby` from 1.247.0 to 1.286.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@4727905...90be115) Updates `actions/setup-go` from 5.5.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@d35c59a...7a3fe6c) Updates `github/codeql-action` from 3.29.3 to 4.32.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@d6bbdef...b20883b) Updates `codespell-project/actions-codespell` from 2.1 to 2.2 - [Release notes](https://github.com/codespell-project/actions-codespell/releases) - [Commits](codespell-project/actions-codespell@406322e...8f01853) Updates `actions/dependency-review-action` from 4.7.1 to 4.8.2 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@da24556...3c4e3dc) Updates `actions/create-github-app-token` from 2.0.6 to 2.2.1 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@df432ce...29824e6) Updates `sigstore/cosign-installer` from 3.9.2 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@d58896d...faadad0) Updates `docker/login-action` from 3.4.0 to 3.7.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@74a5d14...c94ce9f) Updates `actions/labeler` from 5.0.0 to 6.0.1 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@8558fd7...634933e) Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@05b42c6...4eaacf0) Updates `actions/cache` from 4.2.3 to 5.0.2 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@5a3ec84...8b402f5) Updates `actions/upload-artifact` from 4.6.2 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...b7c566a) Updates `actions/stale` from 9.1.0 to 10.1.1 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@5bef64f...9971854) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: ruby/setup-ruby dependency-version: 1.286.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/setup-go dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: github/codeql-action dependency-version: 4.32.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: codespell-project/actions-codespell dependency-version: '2.2' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/dependency-review-action dependency-version: 4.8.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/create-github-app-token dependency-version: 2.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: docker/login-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/labeler dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/stale dependency-version: 10.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-03-15T16:07:48Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 28, 2026

cubic-dev-ai Bot reviewed Jan 28, 2026

View reviewed changes

dependabot Bot force-pushed the dependabot/github_actions/all-actions-3c0e7421e8 branch 2 times, most recently from 91539bd to 15b2108 Compare February 8, 2026 16:08

dependabot Bot force-pushed the dependabot/github_actions/all-actions-3c0e7421e8 branch from 15b2108 to 2949a52 Compare February 15, 2026 16:08

dependabot Bot force-pushed the dependabot/github_actions/all-actions-3c0e7421e8 branch from 2949a52 to b5a6ff5 Compare February 22, 2026 16:08

dependabot Bot force-pushed the dependabot/github_actions/all-actions-3c0e7421e8 branch from b5a6ff5 to 6491395 Compare March 1, 2026 16:14

dependabot Bot force-pushed the dependabot/github_actions/all-actions-3c0e7421e8 branch from 6491395 to b253e41 Compare March 8, 2026 16:08

dependabot Bot closed this Mar 15, 2026

dependabot Bot deleted the dependabot/github_actions/all-actions-3c0e7421e8 branch March 15, 2026 16:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-actions group with 15 updates#24

Bump the all-actions group with 15 updates#24
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/all-actions-3c0e7421e8

dependabot Bot commented on behalf of github Jan 28, 2026 •

edited

Loading

Uh oh!

coderabbitai Bot commented Jan 28, 2026

Review skipped

Uh oh!

cubic-dev-ai Bot left a comment

Uh oh!

dependabot Bot commented on behalf of github Mar 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jan 28, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v47.0.1

What's Changed

v1.286.0

What's Changed

v1.285.0

What's Changed

v1.284.0

What's Changed

v1.283.0

What's Changed

v1.282.0

What's Changed

v1.281.0

What's Changed

v1.280.0

What's Changed

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

v6.1.0

What's Changed

Enhancements

Dependency updates

New Contributors

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

v4.32.0

v4.31.11

v4.31.10

CodeQL Action Changelog

4.31.10 - 12 Jan 2026

v4.31.9

CodeQL Action Changelog

4.31.9 - 16 Dec 2025

v4.31.8

CodeQL Action Changelog

4.31.8 - 11 Dec 2025

v4.31.7

CodeQL Action Changelog

4.31.7 - 05 Dec 2025

CodeQL Action Changelog

[UNRELEASED]

4.32.0 - 26 Jan 2026

4.31.11 - 23 Jan 2026

4.31.10 - 12 Jan 2026

4.31.9 - 16 Dec 2025

4.31.8 - 11 Dec 2025

dependabot Bot commented on behalf of github Jan 28, 2026 •

edited

Loading