Skip to content

build(deps): bump the actions group across 1 directory with 4 updates#11084

Merged
timotheeguerin merged 1 commit into
mainfrom
dependabot/github_actions/actions-c43d540308
Jun 24, 2026
Merged

build(deps): bump the actions group across 1 directory with 4 updates#11084
timotheeguerin merged 1 commit into
mainfrom
dependabot/github_actions/actions-c43d540308

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 4 updates in the / directory: github/gh-aw-actions, actions/checkout, actions/cache and github/gh-aw.

Updates github/gh-aw-actions from 0.79.8 to 0.81.2

Release notes

Sourced from github/gh-aw-actions's releases.

v0.81.2

Sync of actions from gh-aw at v0.81.2.

v0.81.1

Sync of actions from gh-aw at v0.81.1.

v0.81.0

Sync of actions from gh-aw at v0.81.0.

v0.80.9

Sync of actions from gh-aw at v0.80.9.

v0.80.8

Sync of actions from gh-aw at v0.80.8.

v0.80.7

Sync of actions from gh-aw at v0.80.7.

v0.80.6

Sync of actions from gh-aw at v0.80.6.

v0.80.4

Sync of actions from gh-aw at v0.80.4.

v0.80.3

Sync of actions from gh-aw at v0.80.3.

v0.80.2

Sync of actions from gh-aw at v0.80.2.

v0.80.1

Sync of actions from gh-aw at v0.80.1.

v0.80.0

Sync of actions from gh-aw at v0.80.0.

Commits

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Commits

Updates actions/cache from 5.0.5 to 6.0.0

Release notes

Sourced from actions/cache's releases.

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits

Updates github/gh-aw from 0.71.5 to 0.80.9

Release notes

Sourced from github/gh-aw's releases.

v0.80.9

🌟 Release Highlights

This release focuses on reliability and correctness — squashing noisy error conditions in the MCP server and agentic workflows, hardening security, and keeping the observability pipeline complete.

🐛 Bug Fixes & Improvements

  • MCP stdio error handlinghandleMessage now correctly serialises plain-object throws (not just Error instances), eliminating the cryptic -32603 [object Object] failures that blocked submit_pull_request_review on the stdio transport path. (#40715)

  • Issue Monster noise reduction — Agent-availability errors ("copilot coding agent is not available for this repository") are now treated as transient and silently skipped, so the issue tracker is no longer spammed with failure issues on every 30-minute poll cycle. (#40716)

  • Observability report completeness — The daily observability report now explicitly requests agent and detection artifact sets alongside usage metrics, preventing incomplete/noop outcomes caused by missing telemetry inputs. (#40705)

  • Task session data fetch — Fixed a failing agent GitHub Actions job caused by a stale data-fetch pattern in task session handling. (#40728)

🔒 Security

  • Atomic temp-file writes — Replaced direct fs.writeFileSync calls in the safe-output evaluations script with an atomic write helper, closing a CWE-377 insecure-temporary-file vulnerability flagged by CodeQL. (#40721)

🔧 Internal

  • Safe Outputs conformance checker — Added MCE-006 check verifying that mcp_server_core.cjs enforces valid JSON-RPC 2.0 error codes (spec §8.2); split spec/script version comments for clarity. (#40737)

  • Maintenance workflow headeragentics-maintenance.yml now carries an explicit, purpose-specific header describing the maintenance schedule and how to disable it, replacing the generic compiled-workflow boilerplate. (#40706)

Generated by 🚀 Release · 31.3 AIC · ⊞ 8.2K

What's Changed

Full Changelog: github/gh-aw@v0.80.8...v0.80.9

v0.80.8

🌟 Release Highlights

This release brings a meaningful performance win, improved slash-command UX, a new Go linter, and a wave of reliability and documentation improvements.

⚡ Performance

... (truncated)

Commits
  • a362436 [code-scanning-fix] Fix js/insecure-temporary-file: use atomic write to preve...
  • 8d48d89 docs: add weekly blog post for 2026-06-22 (#40724)
  • 75f540e feat: add MCE-006 conformance check for JSON-RPC error code validity (#40737)
  • 592d420 fix(issue-monster): gracefully skip agent availability errors with ignore-if-...
  • a15c5b4 Update task session data fetch (#40728)
  • 48f9e0c fix: handleMessage avoids [object Object] errors and enforces valid JSON-RPC ...
  • b720e39 Update agentic maintenance workflow header content (#40706)
  • 1af3c5f fix(daily-observability-report): request agent+detection artifacts in logs fe...
  • a401853 Reduce ambient prompt surface in high-traffic workflows (#40695)
  • 4bb6180 Allow Daily Safe Output Integrator to inspect compiler safe-output tests (#40...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the actions group across 1 directory with 4 updates
6041cce 
Bumps the actions group with 4 updates in the / directory: [github/gh-aw-actions](https://github.com/github/gh-aw-actions), [actions/checkout](https://github.com/actions/checkout), [actions/cache](https://github.com/actions/cache) and [github/gh-aw](https://github.com/github/gh-aw).


Updates `github/gh-aw-actions` from 0.79.8 to 0.81.2
- [Release notes](https://github.com/github/gh-aw-actions/releases)
- [Changelog](https://github.com/github/gh-aw-actions/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw-actions@v0.79.8...v0.81.2)

Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v6...v7)

Updates `actions/cache` from 5.0.5 to 6.0.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...2c8a9bd)

Updates `github/gh-aw` from 0.71.5 to 0.80.9
- [Release notes](https://github.com/github/gh-aw/releases)
- [Changelog](https://github.com/github/gh-aw/blob/main/CHANGELOG.md)
- [Commits](github/gh-aw@v0.71.5...v0.80.9)

---
updated-dependencies:
- dependency-name: github/gh-aw-actions
  dependency-version: 0.81.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/cache
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: github/gh-aw
  dependency-version: 0.80.9
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@timotheeguerin timotheeguerin enabled auto-merge June 24, 2026 22:39
@timotheeguerin timotheeguerin added this pull request to the merge queue Jun 24, 2026
Merged via the queue into main with commit 13b3731 Jun 24, 2026
35 checks passed
@timotheeguerin timotheeguerin deleted the dependabot/github_actions/actions-c43d540308 branch June 24, 2026 22:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timotheeguerin timotheeguerin timotheeguerin approved these changes
@bterlson bterlson Awaiting requested review from bterlson bterlson is a code owner
@markcowl markcowl Awaiting requested review from markcowl markcowl is a code owner
@witemple-msft witemple-msft Awaiting requested review from witemple-msft witemple-msft is a code owner
@iscai-msft iscai-msft Awaiting requested review from iscai-msft iscai-msft is a code owner
@catalinaperalta catalinaperalta Awaiting requested review from catalinaperalta catalinaperalta is a code owner

Assignees

No one assigned

Labels

eng

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@timotheeguerin