Skip to content

chore(deps): bump the actions group across 1 directory with 9 updates#50

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-22790e8112
Open

chore(deps): bump the actions group across 1 directory with 9 updates#50
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-22790e8112

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown

Bumps the actions group with 9 updates in the / directory:

Package From To
actions/checkout 6.0.2 6.0.3
rlespinasse/github-slug-action 4.4.1 5.6.0
docker/setup-buildx-action 3.12.0 4.1.0
docker/login-action 3.7.0 4.2.0
docker/metadata-action 4.3.0 6.1.0
docker/build-push-action 4.2.1 7.2.0
actions/upload-artifact 4.6.2 7.0.1
actions/cache 4.3.0 5.0.5
trufflesecurity/trufflehog 3.94.2 3.95.5

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

Updates rlespinasse/github-slug-action from 4.4.1 to 5.6.0

Release notes

Sourced from rlespinasse/github-slug-action's releases.

v5.6.0

5.6.0 (2026-04-13)

Features

  • bump actions/github-script from 8 to 9 (#178) (e6f2616)

v5.5.0

5.5.0 (2026-02-04)

Features

v5.4.0

5.4.0 (2025-11-25)

Features

v5.3.0

5.3.0 (2025-10-19)

Features

  • bump actions/github-script from 7 to 8 (#170) (ac4a3a2)

v5.2.0

5.2.0 (2025-07-29)

Features

  • bump super-linter/super-linter from 7 to 8 (#166) (c33ff65)

v5.1.0

5.1.0 (2025-03-11)

Features

  • bump actions/github-script from 6 to 7 (#157) (955b5ba)

... (truncated)

Commits
  • e6f2616 feat: bump actions/github-script from 8 to 9 (#178)
  • ef035f6 docs: Reorganize documentation with new reference and explanation sections (#...
  • 9e7def6 feat: Pin sub-actions to full commit SHAs (#175)
  • e8d2331 Pin sub-actions to full commit SHAs (#175)
  • 6f7a8d2 feat: bump actions/checkout from 5 to 6 (#172)
  • ac4a3a2 feat: bump actions/github-script from 7 to 8 (#170)
  • 6772bda docs: fix moved links (#168)
  • 846af0a build(deps): bump actions/checkout from 4 to 5 in the dependencies group (#167)
  • c33ff65 feat: bump super-linter/super-linter from 7 to 8 (#166)
  • 50025f7 docs(security): document the end of life of the v4.x branch (#165)
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

v4.0.0

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits
  • d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 92bc5c9 chore: update generated content
  • da11e35 build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
  • b5af94f chore: update generated content
  • 16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
  • d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
  • 28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
  • daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • 9725348 chore: update generated content
  • Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Full Changelog: docker/login-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits
  • 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 99df1a3 chore: update generated content
  • 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 4eefcd3 chore: update generated content
  • 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
  • e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 0bced94 chore: update generated content
  • 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
  • 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
  • Additional commits viewable in compare view

Updates docker/metadata-action from 4.3.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

v6.0.0

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

v5.10.0

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

... (truncated)

Commits
  • 80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 8e0ddab chore: update generated content
  • a8db14b chore(deps): Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • 63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
  • c6916a6 chore: update generated content
  • aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
  • 9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
  • 43dea76 chore: update generated content
  • 7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
  • e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
  • Additional commits viewable in compare view

Updates docker/build-push-action from 4.2.1 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

v7.1.0

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

v7.0.0

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

... (truncated)

Commits
  • f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 812d5fd chore: update generated content
  • b6f6693 chore(deps): Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0
  • c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 51bb284 chore: update generated content
  • 5f7884d chore(deps): Bump @​actions/core from 3.0.0 to 3.0.1
  • e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
  • 3804d49 chore: update generated content
  • 71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
  • 4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates actions/cache from 4.3.0 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.


v5.0.1

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits
  • 27d5ce7 Merge ...

    Description has been truncated

Bumps the actions group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [rlespinasse/github-slug-action](https://github.com/rlespinasse/github-slug-action) | `4.4.1` | `5.6.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.1.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.2.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `4.3.0` | `6.1.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `4.2.1` | `7.2.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |
| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.94.2` | `3.95.5` |



Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `rlespinasse/github-slug-action` from 4.4.1 to 5.6.0
- [Release notes](https://github.com/rlespinasse/github-slug-action/releases)
- [Commits](rlespinasse/github-slug-action@102b1a0...e6f2616)

Updates `docker/setup-buildx-action` from 3.12.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@8d2750c...d7f5e7f)

Updates `docker/login-action` from 3.7.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@c94ce9f...650006c)

Updates `docker/metadata-action` from 4.3.0 to 6.1.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@v4.3.0...80c7e94)

Updates `docker/build-push-action` from 4.2.1 to 7.2.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@0a97817...f9f3042)

Updates `actions/upload-artifact` from 4.6.2 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...043fb46)

Updates `actions/cache` from 4.3.0 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...27d5ce7)

Updates `trufflesecurity/trufflehog` from 3.94.2 to 3.95.5
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@6bd2d14...d411fff)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: rlespinasse/github-slug-action
  dependency-version: 5.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/metadata-action
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/build-push-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: trufflesecurity/trufflehog
  dependency-version: 3.95.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants