Skip to content

ci(deps): bump the github-actions group across 1 directory with 5 updates#119

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-30c152663f
Open

ci(deps): bump the github-actions group across 1 directory with 5 updates#119
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-30c152663f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 7, 2026

Copy link
Copy Markdown

Bumps the github-actions group with 5 updates in the / directory:

Package From To
actions/checkout 3 7
actions/setup-dotnet 4 5
actions/cache 4 6
actions/upload-artifact 4 7
github/codeql-action 3 4

Updates actions/checkout from 3 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/setup-dotnet from 4 to 5

Release notes

Sourced from actions/setup-dotnet's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Updates

Bug Fixes

New Contributors

Full Changelog: actions/setup-dotnet@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/setup-dotnet@v4...v4.3.1

v4.3.0

What's Changed

New Contributors

... (truncated)

Commits
  • 26b0ec1 Expand the CSC problem matcher to light up more errors on GitHub. (#717)
  • da5e548 docs(action): explicitly mark all optional inputs with required: false (#737)
  • 9bd3b44 Improve readability of global.json creation command (#694)
  • 4406a63 Bump @​actions/cache to 5.1.0, log cache write denied (#746)
  • dc3262d pin actions to commit SHAs in workflows (#744)
  • 95a3f8b Validate global.json SDK version before rollForward optimization (#742)
  • 9a946fd Add rollForward note in README, improve proxy health check in e2e tests and b...
  • 98af08b Support global.json's rollForward latest* variants (#538)
  • 8404272 Update install scripts to v2026.05.19 (#736)
  • f1970f5 Don't download releases-index.json to resolve major version (#560)
  • Additional commits viewable in compare view

Updates actions/cache from 4 to 6

Release notes

Sourced from actions/cache's releases.

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates github/codeql-action from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

v3.36.3

No user facing changes.

v3.36.2

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

v3.36.1

No user facing changes.

v3.36.0

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

v3.35.5

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

v3.35.4

  • Update default CodeQL bundle version to 2.25.4. #3881

v3.35.3

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865

v3.35.2

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

v3.35.1

v3.35.0

v3.34.1

  • Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

v3.34.0

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

4.36.2 - 04 Jun 2026

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

4.36.1 - 02 Jun 2026

No user facing changes.

4.36.0 - 22 May 2026

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

  • Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar 2026

... (truncated)

Commits
  • 423f7de Update glob to at least 13.0.6
  • dd3c803 Merge pull request #3969 from github/mbg/ci/no-more-draft-prs
  • d990aa1 Merge branch 'main' into henrymercer/code-quality-user-error-categorization
  • c9d4e1d Merge branch 'main' into mbg/ci/no-more-draft-prs
  • ade8366 Merge pull request #3971 from github/henrymercer/macos-runner-migration
  • cdcf508 Default macOS PR checks to latest runner, pin only old CLIs to macOS 15
  • See full diff in compare view

@dependabot @github

dependabot Bot commented on behalf of github May 7, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

order-query-api — image built (not pushed; PR build)

behdadkardgar/order-query-api:pr-119
behdadkardgar/order-query-api:sha-da3b595
ghcr.io/behdad088/order-query-api:pr-119
ghcr.io/behdad088/order-query-api:sha-da3b595

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

order-query-eventprocessor — image built (not pushed; PR build)

behdadkardgar/order-query-eventprocessor:pr-119
behdadkardgar/order-query-eventprocessor:sha-da3b595
ghcr.io/behdad088/order-query-eventprocessor:pr-119
ghcr.io/behdad088/order-query-eventprocessor:sha-da3b595

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

eshop-basket-api — image built (not pushed; PR build)

behdadkardgar/eshop-basket.api:pr-119
behdadkardgar/eshop-basket.api:sha-da3b595
ghcr.io/behdad088/eshop-basket.api:pr-119
ghcr.io/behdad088/eshop-basket.api:sha-da3b595

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

eshop-catalog-api — image built (not pushed; PR build)

behdadkardgar/eshop-catalog.api:pr-119
behdadkardgar/eshop-catalog.api:sha-da3b595
ghcr.io/behdad088/eshop-catalog.api:pr-119
ghcr.io/behdad088/eshop-catalog.api:sha-da3b595

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

api-gateways — image built (not pushed; PR build)

behdadkardgar/api-gateways:pr-119
behdadkardgar/api-gateways:sha-da3b595
ghcr.io/behdad088/api-gateways:pr-119
ghcr.io/behdad088/api-gateways:sha-da3b595

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

eshop-discount-grpc — image built (not pushed; PR build)

behdadkardgar/eshop-discount.grpc:pr-119
behdadkardgar/eshop-discount.grpc:sha-da3b595
ghcr.io/behdad088/eshop-discount.grpc:pr-119
ghcr.io/behdad088/eshop-discount.grpc:sha-da3b595

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

order-command-api — image built (not pushed; PR build)

behdadkardgar/order-command.api:pr-119
behdadkardgar/order-command.api:sha-da3b595
ghcr.io/behdad088/order-command.api:pr-119
ghcr.io/behdad088/order-command.api:sha-da3b595

@github-actions

github-actions Bot commented May 7, 2026

Copy link
Copy Markdown

identity-api — image built (not pushed; PR build)

behdadkardgar/identity.api:pr-119
behdadkardgar/identity.api:sha-da3b595
ghcr.io/behdad088/identity.api:pr-119
ghcr.io/behdad088/identity.api:sha-da3b595

@dependabot dependabot Bot changed the title ci(deps): bump the github-actions group with 5 updates ci(deps): bump the github-actions group across 1 directory with 5 updates May 14, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-30c152663f branch 2 times, most recently from 7b2600b to 3f982a3 Compare May 18, 2026 12:01
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-30c152663f branch from 3f982a3 to d95d508 Compare June 1, 2026 23:52
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-30c152663f branch from d95d508 to a577e46 Compare June 29, 2026 07:25
…ates

Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3` | `7` |
| [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4` | `5` |
| [actions/cache](https://github.com/actions/cache) | `4` | `6` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |



Updates `actions/checkout` from 3 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v7)

Updates `actions/setup-dotnet` from 4 to 5
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@v4...v5)

Updates `actions/cache` from 4 to 6
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v6)

Updates `actions/upload-artifact` from 4 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v7)

Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-dotnet
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-30c152663f branch from a577e46 to 939cf4d Compare July 6, 2026 07:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants