Skip to content

deps: bump the actions group across 1 directory with 6 updates#98

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/main/actions-9e9bd9c7cd
Closed

deps: bump the actions group across 1 directory with 6 updates#98
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/main/actions-9e9bd9c7cd

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 6 updates in the / directory:

Package From To
actions/checkout 6 7
dtolnay/rust-toolchain 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 67ef31d5b988238dd797d409d6f9574278e20537
actions/cache 5 5.0.5
jessehouwing/actions-dependency-submission 1.0.14 1.0.15
actions/setup-python 6 6.2.0
peter-murray/semver-action 1.0.1 2.0.0

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Commits

Updates dtolnay/rust-toolchain from 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 to 67ef31d5b988238dd797d409d6f9574278e20537

Commits

Updates actions/cache from 5 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.


v5.0.1

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits

Updates jessehouwing/actions-dependency-submission from 1.0.14 to 1.0.15

Release notes

Sourced from jessehouwing/actions-dependency-submission's releases.

v1.0.15

What's Changed

Full Changelog: jessehouwing/actions-dependency-submission@v1.0.14...v1.0.15

Commits
  • d4ed9fd bundle
  • efaa696 update dependencies
  • 1304f45 feat: enhance WorkflowParser to route by YAML structure for composite actions...
  • 43962ca Bump yaml from 2.8.4 to 2.9.0
  • 1ae0fd1 Bump faraday from 2.14.1 to 2.14.2
  • 442e7e1 Bump actions/dependency-review-action from 4.9.0 to 5.0.0
  • 838855c Bump @​rollup/rollup-linux-x64-gnu in the npm-production group
  • 520ee85 Bump the npm-development group across 1 directory with 7 updates
  • 3d2dce9 Bump the actions-minor group across 1 directory with 2 updates
  • 6960877 Bump fast-xml-builder from 1.1.5 to 1.2.0
  • Additional commits viewable in compare view

Updates actions/setup-python from 6 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

Dependency and Documentation updates:

New Contributors

Full Changelog: actions/setup-python@v6...v6.1.0

Commits
  • 03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
  • 36da51d Add version parsing from Pipfile (#1067)
  • 3c6f142 update documentation (#1156)
  • 88ffd4d Include python version in PyPy python-version output (#1110)
  • 532b046 Add Architecture-Specific PATH Management for Python with --user Flag on Wind...
  • 1264885 Enhance cache-dependency-path handling to support files outside the workspace...
  • e9c40fb Add support for pip-version (#1129)
  • 5fa0ee6 Bump @​actions/tool-cache from 2.0.1 to 2.0.2 (#1095)
  • 5db1cf9 Enhance reading from .python-version (#787)
  • a26af69 Bump ts-jest from 29.1.2 to 29.3.2 (#1081)
  • Additional commits viewable in compare view

Updates peter-murray/semver-action from 1.0.1 to 2.0.0

Release notes

Sourced from peter-murray/semver-action's releases.

v2.0.0

What's Changed

New Contributors

Full Changelog: peter-murray/semver-data-action@v1...v2.0.0

Commits
  • 0965343 Merge pull request #3 from peter-murray/updates
  • 436ddf3 Merge pull request #1 from swichers/patch-1
  • e606e42 Updating dependencies to latest versions and supporting NodeJS 24
  • 44e61cf Fix incorrect output name
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |
| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` | `67ef31d5b988238dd797d409d6f9574278e20537` |
| [actions/cache](https://github.com/actions/cache) | `5` | `5.0.5` |
| [jessehouwing/actions-dependency-submission](https://github.com/jessehouwing/actions-dependency-submission) | `1.0.14` | `1.0.15` |
| [actions/setup-python](https://github.com/actions/setup-python) | `6` | `6.2.0` |
| [peter-murray/semver-action](https://github.com/peter-murray/semver-action) | `1.0.1` | `2.0.0` |



Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v6...v7)

Updates `dtolnay/rust-toolchain` from 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 to 67ef31d5b988238dd797d409d6f9574278e20537
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](dtolnay/rust-toolchain@3c5f7ea...67ef31d)

Updates `actions/cache` from 5 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v5...v5.0.5)

Updates `jessehouwing/actions-dependency-submission` from 1.0.14 to 1.0.15
- [Release notes](https://github.com/jessehouwing/actions-dependency-submission/releases)
- [Commits](jessehouwing/actions-dependency-submission@1948104...d4ed9fd)

Updates `actions/setup-python` from 6 to 6.2.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v6...v6.2.0)

Updates `peter-murray/semver-action` from 1.0.1 to 2.0.0
- [Release notes](https://github.com/peter-murray/semver-action/releases)
- [Commits](peter-murray/semver-data-action@5a07021...0965343)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: dtolnay/rust-toolchain
  dependency-version: 67ef31d5b988238dd797d409d6f9574278e20537
  dependency-type: direct:production
  dependency-group: actions
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: jessehouwing/actions-dependency-submission
  dependency-version: 1.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: peter-murray/semver-action
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 24, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 24, 2026 12:38
@dependabot dependabot Bot requested review from adrienpessu and felickz June 24, 2026 12:38
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 24, 2026
@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 5 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 3fae345.
Ensure that dependencies are being submitted on PR branches. Re-running this action after a short time may resolve the issue. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/container-publish.yml

PackageVersionLicenseIssue Type
actions/checkout7.*.*NullUnknown License

.github/workflows/labeler.yml

PackageVersionLicenseIssue Type
actions/checkout7.*.*NullUnknown License

.github/workflows/python-release.yml

PackageVersionLicenseIssue Type
actions/checkout7.*.*NullUnknown License

.github/workflows/self-release.yml

PackageVersionLicenseIssue Type
actions/checkout7.*.*NullUnknown License

.github/workflows/self-wiki.yml

PackageVersionLicenseIssue Type
actions/checkout7.*.*NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout 7.*.* 🟢 6.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/checkout 7.*.* 🟢 6.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/checkout 7.*.* 🟢 6.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/checkout 7.*.* 🟢 6.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits
actions/actions/checkout 7.*.* 🟢 6.9
Details
CheckScoreReason
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1016 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • .github/workflows/container-publish.yml
  • .github/workflows/labeler.yml
  • .github/workflows/python-release.yml
  • .github/workflows/self-release.yml
  • .github/workflows/self-wiki.yml

@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 1, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/main/actions-9e9bd9c7cd branch July 1, 2026 12:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants