chore(deps): bump the github-actions group across 1 directory with 9 updates by dependabot[bot] · Pull Request #9 · challgren/aircraft-patterns

dependabot · 2026-05-11T04:32:20Z

Bumps the github-actions group with 9 updates in the / directory:

Package	From	To
actions/checkout	`4`	`6`
docker/setup-qemu-action	`3`	`4`
docker/setup-buildx-action	`3`	`4`
docker/login-action	`3`	`4`
docker/build-push-action	`6`	`7`
hadolint/hadolint-action	`3.1.0`	`3.3.0`
actions/setup-python	`5`	`6`
github/codeql-action	`3`	`4`
actions/dependency-review-action	`4`	`5`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3 to 4

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

v3.7.0

Bump @docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218

Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221

Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

v3.6.0

Display binfmt version by @crazy-max in docker/setup-qemu-action#202

Full Changelog: docker/setup-qemu-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-qemu-action#205

Full Changelog: docker/setup-qemu-action@v3.4.0...v3.5.0

v3.4.0

Bump @docker/actions-toolkit from 0.49.0 to 0.54.0 in docker/setup-qemu-action#193 docker/setup-qemu-action#197

Full Changelog: docker/setup-qemu-action@v3.3.0...v3.4.0

v3.3.0

Add cache-image input to enable/disable caching of binfmt image by @crazy-max in docker/setup-qemu-action#130

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172

Bump @docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

v3.2.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-qemu-action#154 docker/setup-qemu-action#155

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

v3.1.0

... (truncated)

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Deprecate install input by @crazy-max in docker/setup-buildx-action#455

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432

Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/login-action from 3 to 4

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Add scope input to set scopes for the authentication token by @crazy-max in docker/login-action#912

Add support for AWS European Sovereign Cloud ECR by @dphi in docker/login-action#914

Ensure passwords are redacted with registry-auth input by @crazy-max in docker/login-action#911

build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Bump @actions/core from 1.10.1 to 1.11.1 in docker/login-action#791

Bump @aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856

Bump @aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856

Bump @docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814

Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

... (truncated)

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates docker/build-push-action from 6 to 7

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

Bump @docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Bump @docker/actions-toolkit from 0.59.0 to 0.61.0 by @crazy-max in docker/build-push-action#1364

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Handle no default attestations env var by @crazy-max in docker/build-push-action#1343

... (truncated)

Commits

bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
46580d2 chore: update generated content
3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
2d8f2a1 chore: update generated content
919ac7b fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Updates hadolint/hadolint-action from 3.1.0 to 3.3.0

Release notes

Sourced from hadolint/hadolint-action's releases.

v3.3.0

3.3.0 (2025-09-22)

Features

trigger release workflow (2332a7b)

v3.2.0

3.2.0 (2025-09-03)

Features

new minor release (3fc49fb)

Commits

2332a7b feat: trigger release workflow
2bfd2b9 Don't trigger release workflow on Tag
0931ae0 Release v3.3.0
3fc49fb feat: new minor release
45eb072 Trigger release workflow on tag
97f3e4f Merge pull request #94 from felipecrs/patch-1
3e9a095 Merge branch 'master' into patch-1
3285327 Merge pull request #96 from m-ildefons/update-ci-yml
8bde06f Update CI yml
24598f4 Update base image for Hadolint
Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates github/codeql-action from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

v3.35.4

Update default CodeQL bundle version to 2.25.4. #3881

v3.35.3

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of the...
Description has been truncated

…updates Bumps the github-actions group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [hadolint/hadolint-action](https://github.com/hadolint/hadolint-action) | `3.1.0` | `3.3.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4` | `5` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) Updates `hadolint/hadolint-action` from 3.1.0 to 3.3.0 - [Release notes](https://github.com/hadolint/hadolint-action/releases) - [Commits](hadolint/hadolint-action@v3.1.0...v3.3.0) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3...v4) Updates `actions/dependency-review-action` from 4 to 5 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: hadolint/hadolint-action dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-11T04:32:21Z

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

dependabot Bot added the dependencies Pull requests that update a dependency file label May 11, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group across 1 directory with 9 updates#9

chore(deps): bump the github-actions group across 1 directory with 9 updates#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-16a0d42814

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 11, 2026

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v4.0.0

v3.12.0

v3.11.1

v3.11.0

v3.10.0

v3.9.0

v3.8.0

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0

v6.18.0

v6.17.0

v6.16.0

v3.3.0

3.3.0 (2025-09-22)

Features

v3.2.0

3.2.0 (2025-09-03)

Features

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

v3.35.4

v3.35.3

Uh oh!

dependabot Bot commented on behalf of github May 11, 2026

Labels

Uh oh!