Skip to content

build(deps): bump the gh-actions group across 1 directory with 9 updates#1561

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/gh-actions-352d5a15b8
Closed

build(deps): bump the gh-actions group across 1 directory with 9 updates#1561
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/gh-actions-352d5a15b8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 22, 2026

Copy link
Copy Markdown
Contributor

Bumps the gh-actions group with 9 updates in the / directory:

Package From To
haskell-actions/setup 2.10.3 2.11.0
actions/cache 5.0.4 5.0.5
actions/upload-artifact 7.0.0 7.0.1
docker/login-action 4.0.0 4.1.0
docker/build-push-action 7.0.0 7.1.0
cachix/install-nix-action 31.10.2 31.10.5
DeterminateSystems/nix-installer-action 21 22
sigstore/gh-action-sigstore-python 3.2.0 3.3.0
softprops/action-gh-release 2.6.1 3.0.0

Updates haskell-actions/setup from 2.10.3 to 2.11.0

Release notes

Sourced from haskell-actions/setup's releases.

v2.11.0

GHC: try ghcup first, choco only as fallback

What's Changed

Full Changelog: haskell-actions/setup@v2.10.3...v2.11.0

v2.10.4

Add GHC 9.12.4 and Stack 3.9.3

What's Changed

Full Changelog: haskell-actions/setup@v2.10.3...v2.10.4

Commits
  • cd0d9bd GHC: try ghcup first, choco only as fallback
  • 4568e64 Bump softprops/action-gh-release from 2 to 3
  • de26526 Add GHC 9.12.4 and Stack 3.9.3
  • See full diff in compare view

Updates actions/cache from 5.0.4 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates docker/login-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits
  • 4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 1e233e6 chore: update generated content
  • 6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
  • ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
  • d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
  • a6f092b chore: update generated content
  • 60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
  • 62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 102c0e6 chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 7.0.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits
  • bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
  • 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 46580d2 chore: update generated content
  • 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
  • efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
  • ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
  • db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
  • ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
  • 2d8f2a1 chore: update generated content
  • 919ac7b fix test since secrets are not written to temp path anymore
  • Additional commits viewable in compare view

Updates cachix/install-nix-action from 31.10.2 to 31.10.5

Release notes

Sourced from cachix/install-nix-action's releases.

v31.10.5

What's Changed

Full Changelog: cachix/install-nix-action@v31...v31.10.5

v31.10.4

What's Changed

Full Changelog: cachix/install-nix-action@v31.10.3...v31.10.4

v31.10.3

What's Changed

Full Changelog: cachix/install-nix-action@v31...v31.10.3

Commits
  • ab73962 Merge pull request #274 from cachix/create-pull-request/patch
  • 41e4d4a nix: 2.34.5 -> 2.34.6
  • 6165592 Merge pull request #273 from cachix/create-pull-request/patch
  • b9f700d nix: 2.34.4 -> 2.34.5
  • 96951a3 Merge pull request #271 from cachix/create-pull-request/patch
  • 6281169 nix: 2.34.2 -> 2.34.4
  • See full diff in compare view

Updates DeterminateSystems/nix-installer-action from 21 to 22

Release notes

Sourced from DeterminateSystems/nix-installer-action's releases.

v22

What's Changed

New Contributors

Full Changelog: DeterminateSystems/nix-installer-action@v21...v22

Commits
  • ef8a148 Update deps, go to node24 (#239)
  • e02dcf8 Update detsys-ts: Drop the old schemas and integrate the open PRs (#162) (#...
  • 9a59e15 Attach build provenance (#236)
  • d96bc96 Update detsys-ts for: unoptional timeout ([#146](https://github.com/determinatesystems/nix-installer-action/issues/146)) (`a621ba724bb21cc2907e525...
  • 874a984 Merge pull request #233 from detsys-pr-bot/detsys-ts-update-d0fa3dbd59ce2872d...
  • 1ae2553 Update detsys-ts for: Fix default value for Action option ([#144](https://github.com/determinatesystems/nix-installer-action/issues/144)) (`d0fa3d...
  • d9137d7 flake.lock: Update
  • 95f009f Update detsys-ts: Bump fast-xml-parser from 5.3.4 to 5.3.6 (#140) (#231)
  • 86cbc89 Update detsys-ts: Bump the npm-deps group across 1 directory with 9 updates...
  • 500e7f9 Update detsys-ts for: Bump fast-xml-parser from 5.3.3 to 5.3.4 ([#134](https://github.com/determinatesystems/nix-installer-action/issues/134)) (`1...
  • Additional commits viewable in compare view

Updates sigstore/gh-action-sigstore-python from 3.2.0 to 3.3.0

Release notes

Sourced from sigstore/gh-action-sigstore-python's releases.

v3.3.0

What's Changed

  • Dependency updates. Most importantly used sigstore-python is now version 4.2.0

Full Changelog: sigstore/gh-action-sigstore-python@v3.2.0...v3.3.0

Commits
  • 04cffa1 build(deps): bump requests from 2.32.5 to 2.33.0 in /requirements (#342)
  • 69171e8 build(deps): bump charset-normalizer in the python-dependencies group (#340)
  • 40198d7 build(deps): bump github/codeql-action in the actions group (#338)
  • ca55bb0 build(deps): bump the python-dependencies group with 2 updates (#339)
  • 2736143 build(deps): bump the actions group with 3 updates (#335)
  • 9afbb88 build(deps): bump pyasn1 from 0.6.2 to 0.6.3 in /requirements (#337)
  • eb907b0 build(deps): bump pyopenssl from 25.3.0 to 26.0.0 in /requirements (#334)
  • 84eaebf build(deps): bump astral-sh/setup-uv in the actions group (#331)
  • 57c12be build(deps): bump charset-normalizer in the python-dependencies group (#332)
  • 57918d7 build(deps): bump pyjwt from 2.11.0 to 2.12.0 in /requirements (#333)
  • Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.6.1 to 3.0.0

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.6.2

Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

2.6.2

What's Changed

Other Changes 🔄

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Commits
  • b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
  • c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
  • 3bb1273 release 2.6.2
  • c34030f chore: bump node to 24.14.1
  • 8975bd0 chore(deps): bump vite from 8.0.0 to 8.0.5 (#781)
  • f71937f chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (#777)
  • 3f0d239 chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#775)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the gh-actions group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.10.3` | `2.11.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.1.0` |
| [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `31.10.2` | `31.10.5` |
| [DeterminateSystems/nix-installer-action](https://github.com/determinatesystems/nix-installer-action) | `21` | `22` |
| [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) | `3.2.0` | `3.3.0` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.6.1` | `3.0.0` |



Updates `haskell-actions/setup` from 2.10.3 to 2.11.0
- [Release notes](https://github.com/haskell-actions/setup/releases)
- [Commits](haskell-actions/setup@f9150cb...cd0d9bd)

Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6682284...27d5ce7)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `docker/login-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@b45d80f...4907a6d)

Updates `docker/build-push-action` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@d08e5c3...bcafcac)

Updates `cachix/install-nix-action` from 31.10.2 to 31.10.5
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md)
- [Commits](cachix/install-nix-action@51f3067...ab73962)

Updates `DeterminateSystems/nix-installer-action` from 21 to 22
- [Release notes](https://github.com/determinatesystems/nix-installer-action/releases)
- [Commits](DeterminateSystems/nix-installer-action@c5a866b...ef8a148)

Updates `sigstore/gh-action-sigstore-python` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases)
- [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md)
- [Commits](sigstore/gh-action-sigstore-python@a5caf34...04cffa1)

Updates `softprops/action-gh-release` from 2.6.1 to 3.0.0
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@153bb8e...b430933)

---
updated-dependencies:
- dependency-name: haskell-actions/setup
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
- dependency-name: cachix/install-nix-action
  dependency-version: 31.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: gh-actions
- dependency-name: DeterminateSystems/nix-installer-action
  dependency-version: '22'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions
- dependency-name: sigstore/gh-action-sigstore-python
  dependency-version: 3.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-actions
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gh-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 22, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 22, 2026
@dependabot @github

dependabot Bot commented on behalf of github Apr 29, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 29, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/gh-actions-352d5a15b8 branch April 29, 2026 21:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants