Skip to content

Bump the all group across 1 directory with 10 updates#1367

Merged
vincentsarago merged 2 commits into
mainfrom
dependabot/github_actions/all-aa67694289
Apr 21, 2026
Merged

Bump the all group across 1 directory with 10 updates#1367
vincentsarago merged 2 commits into
mainfrom
dependabot/github_actions/all-aa67694289

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 18, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 10 updates in the / directory:

Package From To
benchmark-action/github-action-benchmark 1.21.0 1.22.0
docker/build-push-action 7.0.0 7.1.0
astral-sh/setup-uv 7.6.0 8.0.0
codecov/codecov-action 5.5.4 6.0.0
docker/login-action 4.0.0 4.1.0
aws-actions/configure-aws-credentials 6.0.0 6.1.0
googleapis/release-please-action 4.4.0 4.4.1
actions/upload-artifact 7.0.0 7.0.1
pypa/gh-action-pypi-publish 1.13.0 1.14.0
github/codeql-action 4.34.1 4.35.1

Updates benchmark-action/github-action-benchmark from 1.21.0 to 1.22.0

Release notes

Sourced from benchmark-action/github-action-benchmark's releases.

v1.22.0

  • chore bump node to 24 (#339)

Full Changelog: benchmark-action/github-action-benchmark@v1.21.0...v1.22.0

Changelog

Sourced from benchmark-action/github-action-benchmark's changelog.

Unreleased

v1.22.0 - 31 Mar 2026

  • chore bump node to 24 (#339)

v1.21.0 - 02 Mar 2026

  • fix include package name for duplicate bench names (#330)
  • fix avoid duplicate package suffix in Go benchmarks (#337)

v1.20.7 - 06 Sep 2025

  • fix improve parsing for custom benchmarks (#323)

v1.20.5 - 02 Sep 2025

  • feat allow to parse generic cargo bench/criterion units (#280)
  • fix add summary even when failure threshold is surpassed (#285)
  • fix time units are not normalized (#318)

v1.20.4 - 23 Oct 2024

  • feat add typings and validation workflow (#257)

v1.20.3 - 19 May 2024

  • fix Catch2 v.3.5.0 changed output format (#247)

v1.20.2 - 19 May 2024

  • fix Support sub-nanosecond precision on Cargo benchmarks (#246)

v1.20.1 - 02 Apr 2024

  • fix release script

v1.20.0 - 02 Apr 2024

  • fix Rust benchmarks not comparing to baseline (#235)
  • feat Comment on PR and auto update comment (#223)

v1.19.3 - 02 Feb 2024

  • fix ratio is NaN when previous value is 0. Now, print 1 when both values are 0 and +-∞ when divisor is 0 (#222)
  • fix action hangs in some cases for go fiber benchmarks (#225)

v1.19.2 - 26 Jan 2024

  • fix markdown rendering for summary is broken (#218)

... (truncated)

Commits

Updates docker/build-push-action from 7.0.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits
  • bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
  • 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 46580d2 chore: update generated content
  • 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
  • efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
  • ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
  • db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
  • ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
  • 2d8f2a1 chore: update generated content
  • 919ac7b fix test since secrets are not written to temp path anymore
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.6.0 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

🧰 Maintenance

Commits

Updates codecov/codecov-action from 5.5.4 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates docker/login-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits
  • 4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 1e233e6 chore: update generated content
  • 6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
  • ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
  • d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
  • a6f092b chore: update generated content
  • 60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
  • 62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 102c0e6 chore: update generated content
  • Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.1.0

6.1.0 (2026-04-06)

Features

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.1.0 (2026-04-06)

Features

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

  • properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

5.1.1 (2025-11-24)

Miscellaneous Chores

5.1.0 (2025-10-06)

Features

Bug Fixes

5.0.0 (2025-09-03)

... (truncated)

Commits

Updates googleapis/release-please-action from 4.4.0 to 4.4.1

Release notes

Sourced from googleapis/release-please-action's releases.

v4.4.1

4.4.1 (2026-02-20)

Bug Fixes

  • bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)
Changelog

Sourced from googleapis/release-please-action's changelog.

Changelog

4.4.1 (2026-02-20)

Bug Fixes

  • bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)

4.2.0 (2025-03-07)

Features

  • support for skip-labeling parameter for GitHub action (#1066) (fb7f385)

4.1.5 (2025-02-27)

Bug Fixes

4.1.4 (2024-10-02)

Bug Fixes

  • bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group (#1015) (5ec1cbd)

... (truncated)

Commits

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

Commits
  • cef2210 Merge pull request #397 from whitequark/patch-1
  • b4595e2 Enable verbose and print-hash by default.
  • e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
  • 7495c38 docs: fix typos and grammar in README and SECURITY
  • 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
  • 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
  • b5a6e8b deps: bump sigstore and pypi-attestations
  • a48a03e remove another experimental mention
  • 8087a88 action: remove a lingering mention of PEP 740 being experimental
  • 3317ede 🧪 Integrate actionlint via pre-commit framework
  • Additional commits viewable in compare view

Updates github/codeql-action from 4.34.1 to 4.35.1

Release notes

Sourced from github/codeql-action's releases.

v4.35.1

v4.35.0

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.35.2 - 15 Apr 2026

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar 2026

4.34.1 - 20 Mar 2026

  • Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

  • Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
  • We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
  • Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

  • Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

    To opt out of this change:

    • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

  • The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

  • Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

  • Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

  • A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

4.32.6 - 05 Mar 2026

... (truncated)

Commits
  • c10b806 Merge pull request #3782 from github/update-v4.35.1-d6d1743b8
  • c5ffd06 Update changelog for v4.35.1
  • d6d1743 Merge pull request #3781 from github/henrymercer/update-git-minimum-version
  • 65d2efa Add changelog note
  • 2437b20 Update minimum git version for overlay to 2.36.0
  • ea5f719 Merge pull request #3775 from github/dependabot/npm_and_yarn/node-forge-1.4.0
  • 45ceeea Merge pull request #3777 from github/mergeback/v4.35.0-to-main-b8bb9f28
  • 24448c9 Rebuild
  • 7c51060 Update changelog and version after v4.35.0
  • b8bb9f2 Merge pull request #3776 from github/update-v4.35.0-0078ad667
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourse...

Description has been truncated

Bumps the all group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [benchmark-action/github-action-benchmark](https://github.com/benchmark-action/github-action-benchmark) | `1.21.0` | `1.22.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.1.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.6.0` | `8.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.4` | `6.0.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.0` |
| [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `4.4.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.34.1` | `4.35.1` |



Updates `benchmark-action/github-action-benchmark` from 1.21.0 to 1.22.0
- [Release notes](https://github.com/benchmark-action/github-action-benchmark/releases)
- [Changelog](https://github.com/benchmark-action/github-action-benchmark/blob/master/CHANGELOG.md)
- [Commits](benchmark-action/github-action-benchmark@a7bc236...a60cea5)

Updates `docker/build-push-action` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@d08e5c3...bcafcac)

Updates `astral-sh/setup-uv` from 7.6.0 to 8.0.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@37802ad...cec2083)

Updates `codecov/codecov-action` from 5.5.4 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@75cd116...57e3a13)

Updates `docker/login-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@b45d80f...4907a6d)

Updates `aws-actions/configure-aws-credentials` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@8df5847...ec61189)

Updates `googleapis/release-please-action` from 4.4.0 to 4.4.1
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@16a9c90...5c625bf)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210)

Updates `github/codeql-action` from 4.34.1 to 4.35.1
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@3869755...c10b806)

---
updated-dependencies:
- dependency-name: benchmark-action/github-action-benchmark
  dependency-version: 1.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: googleapis/release-please-action
  dependency-version: 4.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 18, 2026
…o dependabot/github_actions/all-aa67694289
@vincentsarago vincentsarago merged commit a62f1eb into main Apr 21, 2026
10 checks passed
@vincentsarago vincentsarago deleted the dependabot/github_actions/all-aa67694289 branch April 21, 2026 16:13
@github-actions github-actions Bot mentioned this pull request Apr 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant