Skip to content

Bump the all-actions group with 5 updates#14447

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/all-actions-a0d8ae790a
Closed

Bump the all-actions group with 5 updates#14447
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/all-actions-a0d8ae790a

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 15, 2026
edited
Loading

Bumps the all-actions group with 5 updates:

Package From To
dorny/paths-filter 3.0.2 4.0.1
ruby/setup-ruby 1.290.0 1.293.0
actions/create-github-app-token 2.2.1 3.0.0
sigstore/cosign-installer 4.0.0 4.1.0
zizmorcore/zizmor-action 0.5.1 0.5.2

Updates dorny/paths-filter from 3.0.2 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3...v3.0.3

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.1

v2.11.0

v2.10.2

v2.10.1

v2.10.0

v2.9.3

v2.9.2

v2.9.1

v2.9.0

... (truncated)

Commits
  • fbd0ab8 feat: add merge_group event support
  • efb1da7 feat: add dist/ freshness check to PR workflow
  • d8f7b06 Merge pull request #302 from dorny/issue-299
  • addbc14 Update README for v4
  • 9d7afb8 Update CHANGELOG for v4.0.0
  • 782470c Merge branch 'releases/v3'
  • d1c1ffe Update CHANGELOG for v3.0.3
  • ce10459 Merge pull request #294 from saschabratton/master
  • 5f40380 feat: update action runtime to node24
  • 668c092 Merge pull request #279 from wardpeet/patch-1
  • Additional commits viewable in compare view

Updates ruby/setup-ruby from 1.290.0 to 1.293.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.293.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.292.0...v1.293.0

v1.292.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.291.0...v1.292.0

v1.291.0

What's Changed

Full Changelog: ruby/setup-ruby@v1.290.0...v1.291.0

Commits

Updates actions/create-github-app-token from 2.2.1 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

  • Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
  • Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

  • deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
  • deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
  • deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
  • deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

  • fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

  • Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

  • deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)
  • deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)
  • deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
  • deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits
  • f8d387b build(release): 3.0.0 [skip ci]
  • d2129bd style: remove extra blank line in release workflow
  • 77b94ef build: refresh generated artifacts
  • 3ab4c66 chore: move undici to devDependencies
  • 739cf66 docs: update README action versions
  • db40289 build(deps): bump actions versions in test.yml
  • 496a7ac test: migrate from AVA to Node.js native test runner (#346)
  • 3870dc3 Rename end-to-end proxy job in test workflow
  • 4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
  • dce0ab0 fix: remove custom proxy handling (#143)
  • Additional commits viewable in compare view

Updates sigstore/cosign-installer from 4.0.0 to 4.1.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

Commits

Updates zizmorcore/zizmor-action from 0.5.1 to 0.5.2

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.2

What's Changed

  • zizmor 1.23.1 is now the default used by this action.

Full Changelog: zizmorcore/zizmor-action@v0.5.1...v0.5.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-actions group with 5 updates
a3fe1c3 
Bumps the all-actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` |
| [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.290.0` | `1.293.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.0.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.0.0` | `4.1.0` |
| [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.1` | `0.5.2` |


Updates `dorny/paths-filter` from 3.0.2 to 4.0.1
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@de90cc6...fbd0ab8)

Updates `ruby/setup-ruby` from 1.290.0 to 1.293.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](ruby/setup-ruby@6ca151f...dffb23f)

Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@29824e6...f8d387b)

Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@faadad0...ba7bc0a)

Updates `zizmorcore/zizmor-action` from 0.5.1 to 0.5.2
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@195d10a...71321a2)

---
updated-dependencies:
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: ruby/setup-ruby
  dependency-version: 1.293.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-actions
- dependency-name: actions/create-github-app-token
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies github_actions Pull requests that update GitHub Actions code labels Mar 15, 2026
@dependabot dependabot Bot requested a review from a team as a code owner March 15, 2026 16:04
@dependabot dependabot Bot added dependencies github_actions Pull requests that update GitHub Actions code labels Mar 15, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Mar 19, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Mar 19, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/all-actions-a0d8ae790a branch March 19, 2026 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants