Skip to content

build(deps): bump the actions group across 1 directory with 6 updates#293

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-74cdf0a4b5
Open

build(deps): bump the actions group across 1 directory with 6 updates#293
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-74cdf0a4b5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 5, 2026

Bumps the actions group with 6 updates in the / directory:

Package From To
cargo-bins/cargo-binstall 1.17.7 1.17.9
hustcer/setup-nu 3.22 3.23
astral-sh/setup-uv 7.3.1 8.0.0
rust-lang/crates-io-auth-action 1.0.3 1.0.4
actions/deploy-pages 4 5
codecov/codecov-action 5.5.2 6.0.0

Updates cargo-bins/cargo-binstall from 1.17.7 to 1.17.9

Release notes

Sourced from cargo-bins/cargo-binstall's releases.

v1.17.9

Binstall is a tool to fetch and install Rust-based executables as binaries. It aims to be a drop-in replacement for cargo install in most cases. Install it today with cargo install cargo-binstall, from the binaries below, or if you already have it, upgrade with cargo binstall cargo-binstall.

In this release:

  • Upgrade dependencies

v1.17.8

Binstall is a tool to fetch and install Rust-based executables as binaries. It aims to be a drop-in replacement for cargo install in most cases. Install it today with cargo install cargo-binstall, from the binaries below, or if you already have it, upgrade with cargo binstall cargo-binstall.

In this release:

  • Upgrade dependencies

Other changes:

  • Prebuilt signing process is much safer now (#2503)
Commits

Updates hustcer/setup-nu from 3.22 to 3.23

Release notes

Sourced from hustcer/setup-nu's releases.

v3.23

[3.23] - 2026-03-19

Features

  • Add nu/build.nu for assets building (#206)

Deps

  • Upgrade globby,@​biomejs/biome & lefthook
  • Upgrade lefthook,cspell,@​biomejs/biome,undici & @actions/*
  • Upgrade undici to 7.19.0
  • Upgrade @​actions/core,@​actions/tool-cache,undici,lefthook & semver (#205)
  • Upgrade undici,@​biomejs/biome,@​types/node & lefthook
  • Upgrade globby, @​biomejs/biome & cspell (#212)
  • Upgrade @​biomejs/biome,lefthook & undici
Changelog

Sourced from hustcer/setup-nu's changelog.

Changelog

All notable changes to this project will be documented in this file.

[3.23] - 2026-03-19

Features

  • Add nu/build.nu for assets building (#206)

Deps

  • Upgrade globby,@​biomejs/biome & lefthook
  • Upgrade lefthook,cspell,@​biomejs/biome,undici & @actions/*
  • Upgrade undici to 7.19.0
  • Upgrade @​actions/core,@​actions/tool-cache,undici,lefthook & semver (#205)
  • Upgrade undici,@​biomejs/biome,@​types/node & lefthook
  • Upgrade globby, @​biomejs/biome & cspell (#212)
  • Upgrade @​biomejs/biome,lefthook & undici

[3.22] - 2025-12-13

Bug Fixes

  • Added input validation for plugin registration to prevent injection vulnerabilities (#195)

Features

  • Add strict input validation and robust plugin registration; improve target selection and caching (#190)
  • Support proxies (#194)

Miscellaneous Tasks

  • Update .lefthook/pre-push/sync.nu
  • Update README.md
  • Bump actions/checkout from 5 to 6 (#191)
  • Drop 0.88.1 check
  • Update README
  • Update lefthook.yml
  • Upgrade runner os from macos-13 to macos-15
  • Update dist & format code

Deps

  • Upgrade @​octokit/rest,lefthook,@​types/node, and @​biomejs/biome
  • Upgrade pnpm to v10
  • Upgrade @​biomejs/biome,cspell & lefthook
  • Upgrade globby, @​biomejs/biome & cspell
  • Upgrade @​biomejs/biome,lefthook & cspell (#193)
  • Upgrade @​actions/core & lefthook

... (truncated)

Commits
  • 92c296b fix: Try to fix nu release script
  • 80e1ad3 update CHANGELOG.md for v3.23
  • 95a863f Bump to v3.23
  • 00b77ac deps: Upgrade @​biomejs/biome,lefthook & undici
  • 51f0fb9 Add Nu 0.111.0 to workflows
  • b66b096 chore: Test install nushell-pro SKILL
  • b025b69 deps: Upgrade globby, @​biomejs/biome & cspell (#212)
  • 8f2e5e5 deps: Upgrade undici,@​biomejs/biome,@​types/node & lefthook
  • 928c8f8 feat: Add nu/build.nu for assets building (#206)
  • 26a0b4c deps: Upgrade @​actions/core,@​actions/tool-cache,undici,lefthook & semver (#205)
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.3.1 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

🧰 Maintenance

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

We now default to download uv from releases.astral.sh. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits

Updates rust-lang/crates-io-auth-action from 1.0.3 to 1.0.4

Release notes

Sourced from rust-lang/crates-io-auth-action's releases.

v1.0.4

What's Changed

Full Changelog: rust-lang/crates-io-auth-action@v1.0.3...v1.0.4

Commits
  • bbd8162 Merge pull request #213 from rust-lang/update-to-actions-core-3
  • 8c12a02 update to actions core 3
  • 57ca10c Merge pull request #212 from rust-lang/update-to-node-24
  • 03c291b update to node 24
  • 16020e9 Merge pull request #192 from rust-lang/renovate/lock-file-maintenance
  • eea9b15 chore(deps): lock file maintenance
  • 0beb7de Merge pull request #211 from rust-lang/update-tsdown-to-v0-21
  • e143bce fix deprecation
  • b1c8245 update tsdown to v0.21
  • bec4b39 Merge pull request #209 from rust-lang/renovate/major-github-actions
  • Additional commits viewable in compare view

Updates actions/deploy-pages from 4 to 5

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.5

Changelog

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.4

Changelog

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.3

Changelog

... (truncated)

Commits
  • cd2ce8f Merge pull request #404 from salmanmkc/node24
  • bbe2a95 Update Node.js version to 24.x
  • 854d7aa Merge pull request #374 from actions/Jcambass-patch-1
  • 306bb81 Add workflow file for publishing releases to immutable action package
  • b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
  • 7273294 Bump braces in the npm_and_yarn group across 1 directory
  • 963791f Merge pull request #361 from actions/dependabot-friendly
  • 51bb29d Make the rebuild dist workflow safer for Dependabot
  • 89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
  • bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the actions group across 1 directory with 6 updates
c608e45 
Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [cargo-bins/cargo-binstall](https://github.com/cargo-bins/cargo-binstall) | `1.17.7` | `1.17.9` |
| [hustcer/setup-nu](https://github.com/hustcer/setup-nu) | `3.22` | `3.23` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.3.1` | `8.0.0` |
| [rust-lang/crates-io-auth-action](https://github.com/rust-lang/crates-io-auth-action) | `1.0.3` | `1.0.4` |
| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4` | `5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` |



Updates `cargo-bins/cargo-binstall` from 1.17.7 to 1.17.9
- [Release notes](https://github.com/cargo-bins/cargo-binstall/releases)
- [Changelog](https://github.com/cargo-bins/cargo-binstall/blob/main/release-plz.toml)
- [Commits](cargo-bins/cargo-binstall@1800853...0b24824)

Updates `hustcer/setup-nu` from 3.22 to 3.23
- [Release notes](https://github.com/hustcer/setup-nu/releases)
- [Changelog](https://github.com/hustcer/setup-nu/blob/main/CHANGELOG.md)
- [Commits](hustcer/setup-nu@920172d...92c296b)

Updates `astral-sh/setup-uv` from 7.3.1 to 8.0.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@5a095e7...cec2083)

Updates `rust-lang/crates-io-auth-action` from 1.0.3 to 1.0.4
- [Release notes](https://github.com/rust-lang/crates-io-auth-action/releases)
- [Commits](rust-lang/crates-io-auth-action@b7e9a28...bbd8162)

Updates `actions/deploy-pages` from 4 to 5
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](actions/deploy-pages@v4...v5)

Updates `codecov/codecov-action` from 5.5.2 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@671740a...57e3a13)

---
updated-dependencies:
- dependency-name: cargo-bins/cargo-binstall
  dependency-version: 1.17.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: hustcer/setup-nu
  dependency-version: '3.23'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: rust-lang/crates-io-auth-action
  dependency-version: 1.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: actions/deploy-pages
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 5, 2026
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.90%. Comparing base (a7f94cb) to head (c608e45).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #293   +/-   ##
=======================================
  Coverage   96.90%   96.90%           
=======================================
  Files          14       14           
  Lines        3167     3167           
=======================================
  Hits         3069     3069           
  Misses         98       98

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants