Skip to content

Bump the major-minor-patch group across 1 directory with 7 updates#27

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/major-minor-patch-39fcd93ed1
Closed

Bump the major-minor-patch group across 1 directory with 7 updates#27
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/major-minor-patch-39fcd93ed1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Feb 6, 2026

Copy link
Copy Markdown

Bumps the major-minor-patch group with 7 updates in the / directory:

Package From To
actions/checkout 6.0.1 6.0.2
docker/setup-buildx-action 3.11.1 3.12.0
docker/login-action 3.6.0 3.7.0
actions/upload-artifact 4.6.2 6.0.0
actions/setup-dotnet 5.0.1 5.1.0
dorny/test-reporter 2.3.0 2.5.0
marocchino/sticky-pull-request-comment 2.9.0 2.9.4

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits
  • de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
  • 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
  • See full diff in compare view

Updates docker/setup-buildx-action from 3.11.1 to 3.12.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits
  • 8d2750c Merge pull request #455 from crazy-max/install-deprecated
  • e81846b deprecate install input
  • 65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
  • 000d75d build(deps): bump actions/checkout from 5 to 6
  • 1583c0f Merge pull request #443 from nicolasleger/patch-1
  • ed158e7 doc: bump actions/checkout from 4 to 5
  • 4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
  • 4dfc3d6 build(deps): bump actions/checkout from 4 to 5
  • af1b253 Merge pull request #440 from crazy-max/k3s-build
  • 3c6ab92 ci: k3s test with latest buildx
  • Additional commits viewable in compare view

Updates docker/login-action from 3.6.0 to 3.7.0

Release notes

Sourced from docker/login-action's releases.

v3.7.0

Full Changelog: docker/login-action@v3.6.0...v3.7.0

Commits
  • c94ce9f Merge pull request #915 from docker/dependabot/npm_and_yarn/lodash-4.17.23
  • 8339c95 Merge pull request #912 from docker/scope
  • c83e932 build(deps): bump lodash from 4.17.21 to 4.17.23
  • b268aa5 chore: update generated content
  • a603229 documentation for scope input
  • 7567f92 Add scope input to set scopes for the authentication token
  • 0567fa5 Merge pull request #914 from dphi/add-support-for-amazonaws.eu
  • f6ef577 feat: add support for AWS European Sovereign Cloud ECR registries
  • 916386b Merge pull request #911 from crazy-max/ensure-redact
  • 5b3f94a chore: update generated content
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Updates actions/setup-dotnet from 5.0.1 to 5.1.0

Release notes

Sourced from actions/setup-dotnet's releases.

v5.1.0

What's Changed

Documentation

Dependency updates

New Contributors

Full Changelog: actions/setup-dotnet@v5...v5.1.0

Commits
  • baa11fb Bump test dependencies to resolve System.Net.Http vulnerability, update workf...
  • 24ec4f2 Upgrade to latest actions packages (#687)
  • 4c100cb Fix icons (#604)
  • 25328d8 Bump actions/checkout from 5 to 6 (#684)
  • 937b8dd Update README with note on setting DOTNET_INSTALL_DIR for Linux permission is...
  • See full diff in compare view

Updates dorny/test-reporter from 2.3.0 to 2.5.0

Release notes

Sourced from dorny/test-reporter's releases.

v2.5.0

What's Changed

Features

Project maintanance

Full Changelog: dorny/test-reporter@v2.4.0...v2.5.0

v2.4.0

What's Changed

New Contributors

Full Changelog: dorny/test-reporter@v2.3.0...v2.4.0

Changelog

Sourced from dorny/test-reporter's changelog.

Changelog

2.5.0

2.4.0

2.3.0

2.2.0

2.1.1

2.1.0

2.0.0

1.9.1

... (truncated)

Commits
  • b082adf test-reporter release v2.5.0
  • bcafc9f Merge pull request #707 from dorny/feature/700-nette-tester-junit-reporter
  • b0cbac6 Rebuild the dist/index.js file
  • c92a289 Remove unnecessary output files
  • 6697ec4 Merge pull request #695 from dorny/dependabot/github_actions/actions/upload-a...
  • 6387029 Create tester-junit reporter for Nette Tester tool
  • 6896772 Merge pull request #706 from dorny/release/v2.4.0
  • e17be7e test-reporter release v2.4.0
  • 6efb86e Merge pull request #704 from dorny/bugfix/703-refactor-deprecated-substr-func...
  • 055bc8c Rebuild the dist/index.js file
  • Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 2.9.0 to 2.9.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v2.9.4

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.3...v2.9.4

v2.9.3

What's Changed

  • Update deps (including security issues)
  • Test with vitest instead of jest
  • Use biome

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.2...v2.9.3

v2.9.2

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.1...v2.9.2

v2.9.1

What's Changed

New Contributors

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.0...v2.9.1

Commits
  • 7737449 📦️ Build
  • 8b423c6 Merge pull request #1564 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 3ac8a74 build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13
  • e430cfc Merge pull request #1563 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 99f9378 build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12
  • 2216b3a Merge pull request #1562 from marocchino/dependabot/npm_and_yarn/biomejs/biom...
  • 482d7fd build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1
  • c2da581 Merge pull request #1561 from marocchino/dependabot/npm_and_yarn/types/node-2...
  • 76f8462 build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11
  • 246151a ⬆️ Update biome
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the major-minor-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.11.1` | `3.12.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.6.0` | `3.7.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` |
| [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `5.0.1` | `5.1.0` |
| [dorny/test-reporter](https://github.com/dorny/test-reporter) | `2.3.0` | `2.5.0` |
| [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `2.9.0` | `2.9.4` |



Updates `actions/checkout` from 6.0.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@8e8c483...de0fac2)

Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@e468171...8d2750c)

Updates `docker/login-action` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@5e57cd1...c94ce9f)

Updates `actions/upload-artifact` from 4.6.2 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4.6.2...b7c566a)

Updates `actions/setup-dotnet` from 5.0.1 to 5.1.0
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@2016bd2...baa11fb)

Updates `dorny/test-reporter` from 2.3.0 to 2.5.0
- [Release notes](https://github.com/dorny/test-reporter/releases)
- [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md)
- [Commits](dorny/test-reporter@fe45e95...b082adf)

Updates `marocchino/sticky-pull-request-comment` from 2.9.0 to 2.9.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@331f8f5...7737449)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: major-minor-patch
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major-minor-patch
- dependency-name: docker/login-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major-minor-patch
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-minor-patch
- dependency-name: actions/setup-dotnet
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major-minor-patch
- dependency-name: dorny/test-reporter
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: major-minor-patch
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 2.9.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: major-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 6, 2026
@github-actions

github-actions Bot commented Feb 6, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/checkout de0fac2e4500dabe0009e67214ff5f5447ce83dd 🟢 6.4
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 57 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Packaging⚠️ -1packaging workflow not detected
Pinned-Dependencies⚠️ 3dependency not pinned by hash detected -- score normalized to 3
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection🟢 6branch protection is not maximal on development and all release branches
Vulnerabilities🟢 73 existing vulnerabilities detected
SAST🟢 8SAST tool detected but not run on all commits
actions/actions/upload-artifact b7c566a772e6b6bfb58ed0dc250532a479d7789f 🟢 6.2
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Code-Review🟢 10all changesets reviewed
Maintained🟢 1027 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Pinned-Dependencies⚠️ 1dependency not pinned by hash detected -- score normalized to 1
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 64 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • .github/workflows/scorecard.yml

@dependabot @github

dependabot Bot commented on behalf of github Feb 13, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Feb 13, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/develop/major-minor-patch-39fcd93ed1 branch February 13, 2026 03:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants