Skip to content

chore(deps): bump the github-actions group with 6 updates#3151

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-c85c4af740
Closed

chore(deps): bump the github-actions group with 6 updates#3151
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-c85c4af740

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 6 updates:

Package From To
docker/login-action 4.1.0 4.2.0
codecov/codecov-action 6.0.0 6.0.1
chainguard-dev/actions 1.6.19 1.6.21
docker/setup-qemu-action 4.0.0 4.1.0
docker/setup-buildx-action 4.0.0 4.1.0
goreleaser/goreleaser-action 7.2.1 7.2.2

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits
  • 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 99df1a3 chore: update generated content
  • 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 4eefcd3 chore: update generated content
  • 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
  • e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 0bced94 chore: update generated content
  • 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
  • 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 6.0.0 to 6.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.1

What's Changed

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates chainguard-dev/actions from 1.6.19 to 1.6.21

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.21

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.20...v1.6.21

v1.6.20

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.19...v1.6.20

Commits
  • 05fbd38 build(deps): bump peter-evans/create-pull-request (#916)
  • 6a031dd build(deps): bump sigstore/cosign-installer in /chainguard-install (#917)
  • 2aa42ab build(deps): bump chainguard-dev/actions in /release-notes (#918)
  • 2a43818 build(deps): bump actions/checkout from 4.2.2 to 6.0.2 in /release-notes (#919)
  • 90e5d19 build(deps): bump peter-evans/create-pull-request in /release-notes (#920)
  • 0d3ec12 fix release workflow (#921)
  • 2716a7d Update git tag (#915)
  • bb3c0f7 bump gitsign to release v0.16.0 (#914)
  • 3e76343 Update Go version from 1.25 to 1.26 (#913)
  • 9feb67c build(deps): bump step-security/harden-runner from 2.19.3 to 2.19.4 (#912)
  • Additional commits viewable in compare view

Updates docker/setup-qemu-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.1.0

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

Commits
  • 0611638 Merge pull request #21 from crazy-max/uninst
  • ce59c81 chore: update generated content
  • 2ddad44 uninstall current emulators
  • 8c37cd6 Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • d1a0ff3 chore: update generated content
  • 0a8f3dc build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.91.0
  • 9430f61 Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6
  • 978bd77 chore: update generated content
  • 3479feb build(deps): bump tmp from 0.2.5 to 0.2.6
  • b113c26 Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits
  • d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 92bc5c9 chore: update generated content
  • da11e35 build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
  • b5af94f chore: update generated content
  • 16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
  • d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
  • 28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
  • daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • 9725348 chore: update generated content
  • Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 7.2.1 to 7.2.2

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.2

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 3, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 3, 2026 03:43
@github-actions github-actions Bot added the area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) label Jun 3, 2026

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite Current: 5327459 Previous: 4bb1d7b Ratio
BenchmarkDatastoreDriver/cockroachdb-overlap-static/TestTuple/SnapshotReverseRead (github.com/authzed/spicedb/internal/datastore/benchmark) 33849667 ns/op 176129 B/op 20204 allocs/op 7650956 ns/op 172630 B/op 20195 allocs/op 4.42
BenchmarkDatastoreDriver/cockroachdb-overlap-static/TestTuple/SnapshotReverseRead (github.com/authzed/spicedb/internal/datastore/benchmark) - ns/op 33849667 ns/op 7650956 ns/op 4.42
BenchmarkDatastoreDriver/cockroachdb-overlap-static/TestTuple/Touch (github.com/authzed/spicedb/internal/datastore/benchmark) 32596503 ns/op 26934 B/op 321 allocs/op 13748624 ns/op 24958 B/op 316 allocs/op 2.37
BenchmarkDatastoreDriver/cockroachdb-overlap-static/TestTuple/Touch (github.com/authzed/spicedb/internal/datastore/benchmark) - ns/op 32596503 ns/op 13748624 ns/op 2.37
BenchmarkDatastoreDriver/cockroachdb-overlap-static/TestTuple/CreateAndTouch/0.5_ (github.com/authzed/spicedb/internal/datastore/benchmark) 68928185 ns/op 4668926 B/op 46984 allocs/op 28357248 ns/op 4660041 B/op 46978 allocs/op 2.43
BenchmarkDatastoreDriver/cockroachdb-overlap-static/TestTuple/CreateAndTouch/0.5_ (github.com/authzed/spicedb/internal/datastore/benchmark) - ns/op 68928185 ns/op 28357248 ns/op 2.43
BenchmarkDatastoreDriver/cockroachdb-overlap-insecure/TestTuple/SnapshotReverseRead (github.com/authzed/spicedb/internal/datastore/benchmark) 32685652 ns/op 174825 B/op 20201 allocs/op 7599582 ns/op 172729 B/op 20195 allocs/op 4.30
BenchmarkDatastoreDriver/cockroachdb-overlap-insecure/TestTuple/SnapshotReverseRead (github.com/authzed/spicedb/internal/datastore/benchmark) - ns/op 32685652 ns/op 7599582 ns/op 4.30
BenchmarkDatastoreDriver/cockroachdb-overlap-insecure/TestTuple/Touch (github.com/authzed/spicedb/internal/datastore/benchmark) 6271903 ns/op 22030 B/op 287 allocs/op 3088336 ns/op 22213 B/op 287 allocs/op 2.03
BenchmarkDatastoreDriver/cockroachdb-overlap-insecure/TestTuple/Touch (github.com/authzed/spicedb/internal/datastore/benchmark) - ns/op 6271903 ns/op 3088336 ns/op 2.03
BenchmarkDatastoreDriver/cockroachdb-overlap-insecure/TestTuple/Create (github.com/authzed/spicedb/internal/datastore/benchmark) 5808510 ns/op 19754 B/op 281 allocs/op 2761030 ns/op 19484 B/op 281 allocs/op 2.10
BenchmarkDatastoreDriver/cockroachdb-overlap-insecure/TestTuple/Create (github.com/authzed/spicedb/internal/datastore/benchmark) - ns/op 5808510 ns/op 2761030 ns/op 2.10

This comment was automatically generated by workflow using github-action-benchmark.

@tstirrat15 tstirrat15 force-pushed the dependabot/github_actions/github-actions-c85c4af740 branch from 4cc794e to 988fb5b Compare June 8, 2026 23:48
@codecov

codecov Bot commented Jun 8, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@miparnisari

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot @github

dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor Author

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

Bumps the github-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `6.0.1` |
| [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.6.19` | `1.6.21` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.2.1` | `7.2.2` |


Updates `docker/login-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v4.1.0...v4.2.0)

Updates `codecov/codecov-action` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@57e3a13...e79a696)

Updates `chainguard-dev/actions` from 1.6.19 to 1.6.21
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@c69a264...05fbd38)

Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@ce36039...0611638)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f)

Updates `goreleaser/goreleaser-action` from 7.2.1 to 7.2.2
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@1a80836...5daf1e9)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.6.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@miparnisari miparnisari force-pushed the dependabot/github_actions/github-actions-c85c4af740 branch from 988fb5b to 5327459 Compare June 23, 2026 17:06
@miparnisari miparnisari enabled auto-merge (squash) June 23, 2026 17:06
@dependabot @github

dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 1, 2026
auto-merge was automatically disabled July 1, 2026 18:46

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-c85c4af740 branch July 1, 2026 18:46
@github-actions github-actions Bot locked and limited conversation to collaborators Jul 1, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant