chore(deps): bump the ci group across 1 directory with 5 updates by dependabot[bot] · Pull Request #1867 · open-component-model/ocm

dependabot · 2026-03-16T08:35:04Z

Bumps the ci group with 5 updates in the / directory:

Package	From	To
actions/download-artifact	`8.0.0`	`8.0.1`
geekyeggo/delete-artifact	`5.1.0`	`6.0.0`
actions/create-github-app-token	`2.2.1`	`3.0.0`
ncipollo/release-action	`1.20.0`	`1.21.0`
rojopolis/spellcheck-github-actions	`0.59.0`	`0.60.0`

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Support for CJK characters in the artifact name by @danwkennedy in actions/download-artifact#471

Add a regression test for artifact name + content-type mismatches by @danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

3e5f45b Add regression tests for CJK characters (#471)
e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
See full diff in compare view

Updates geekyeggo/delete-artifact from 5.1.0 to 6.0.0

Release notes

Sourced from geekyeggo/delete-artifact's releases.

v6.0.0

What's Changed

Update Node.js version from 20 to 24 by @Tom-van-Woudenberg in GeekyEggo/delete-artifact#31

Update dependencies, switch to ESM, and improve tsconfig @GeekyEggo in GeekyEggo/delete-artifact#32

New Contributors

@Tom-van-Woudenberg made their first contribution in GeekyEggo/delete-artifact#31

Full Changelog: GeekyEggo/delete-artifact@v5.1.0...v6.0.0

Commits

176a747 6.0.0
cebf182 build: update workflow action versions (#33)
13c2c87 chore: update deps, switch to esm, and improve tsconfig (#32)
23c7da5 Upgrade Node.js version from 20 to 24 (#31)
e46cfb9 build(deps): bump @actions/artifact from 2.1.4 to 2.1.7 (#27)
25f053d docs: add commit sha for 5.1.0
See full diff in compare view

Updates actions/create-github-app-token from 2.2.1 to 3.0.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

feat!: node 24 support (#275) (2e564a0)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

deps: bump @actions/core from 1.11.1 to 3.0.0 (#337) (b044133)

deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)

deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)

deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

deps: bump @octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)

deps: bump @octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)

deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)

deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Commits

f8d387b build(release): 3.0.0 [skip ci]
d2129bd style: remove extra blank line in release workflow
77b94ef build: refresh generated artifacts
3ab4c66 chore: move undici to devDependencies
739cf66 docs: update README action versions
db40289 build(deps): bump actions versions in test.yml
496a7ac test: migrate from AVA to Node.js native test runner (#346)
3870dc3 Rename end-to-end proxy job in test workflow
4451bcb fix!: require NODE_USE_ENV_PROXY for proxy support (#342)
dce0ab0 fix: remove custom proxy handling (#143)
Additional commits viewable in compare view

Updates ncipollo/release-action from 1.20.0 to 1.21.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.21.0

What's Changed

Bump jest-circus from 29.7.0 to 30.2.0 by @dependabot[bot] in ncipollo/release-action#557

Bump typescript from 5.8.3 to 5.9.3 by @dependabot[bot] in ncipollo/release-action#556

Bump actions/setup-node from 4 to 5 by @dependabot[bot] in ncipollo/release-action#551

Bump @types/node from 22.15.29 to 24.6.1 by @dependabot[bot] in ncipollo/release-action#555

Bump actions/setup-node from 5 to 6 by @dependabot[bot] in ncipollo/release-action#559

Bump ts-jest from 29.3.4 to 29.4.5 by @dependabot[bot] in ncipollo/release-action#561

Bump @biomejs/biome from 1.9.4 to 2.3.2 by @dependabot[bot] in ncipollo/release-action#564

Bump @types/node from 24.6.1 to 24.9.2 by @dependabot[bot] in ncipollo/release-action#563

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in ncipollo/release-action#567

Bump glob from 11.0.3 to 11.1.0 by @dependabot[bot] in ncipollo/release-action#568

Bump actions/checkout from 5 to 6 by @dependabot[bot] in ncipollo/release-action#569

Bump @biomejs/biome from 2.3.2 to 2.3.8 by @dependabot[bot] in ncipollo/release-action#575

Bump glob from 11.1.0 to 13.0.0 by @dependabot[bot] in ncipollo/release-action#573

Bump @octokit/types from 13.10.0 to 16.0.0 by @dependabot[bot] in ncipollo/release-action#577

Bump @biomejs/biome from 2.3.8 to 2.3.10 by @dependabot[bot] in ncipollo/release-action#578

Bump @actions/core from 1.11.1 to 2.0.1 by @dependabot[bot] in ncipollo/release-action#579

Bump @types/node from 24.10.1 to 25.0.3 by @dependabot[bot] in ncipollo/release-action#580

Bump @biomejs/biome from 2.3.10 to 2.3.13 by @dependabot[bot] in ncipollo/release-action#586

Bump @types/node from 25.0.3 to 25.1.0 by @dependabot[bot] in ncipollo/release-action#583

Bump to core-3.0.0, move to vitest, support ESM modules by @ncipollo in ncipollo/release-action#587

Bump @actions/github from 6.0.1 to 9.0.0 by @dependabot[bot] in ncipollo/release-action#585

Bump glob from 13.0.0 to 13.0.6 by @dependabot[bot] in ncipollo/release-action#592

Bump @biomejs/biome from 2.3.13 to 2.4.4 by @dependabot[bot] in ncipollo/release-action#591

Fixes #593 Pass commitish into release notes request when present by @ncipollo in ncipollo/release-action#594

Full Changelog: ncipollo/release-action@v1...v1.21.0

Commits

339a818 preparing release 1.21.0
df17233 Resolve pnpm audit results
813e942 Update release script
7df3a0e Update sheepit to use pnpm
caacf56 Fixes #595 Bump to node 24
c074b5e Fixes #593 Pass commitish into release notes request when present (#594)
9e03662 Bump @biomejs/biome from 2.3.13 to 2.4.4 (#591)
5b4b195 Bump glob from 13.0.0 to 13.0.6 (#592)
89bab4d debug build
00cbfdc Bump @actions/github from 6.0.1 to 9.0.0 (#585)
Additional commits viewable in compare view

Updates rojopolis/spellcheck-github-actions from 0.59.0 to 0.60.0

Release notes

Sourced from rojopolis/spellcheck-github-actions's releases.

0.60.0

What's Changed

Bump rojopolis/spellcheck-github-actions from 0.58.0 to 0.59.0 by @dependabot[bot] in rojopolis/spellcheck-github-actions#327

Bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in rojopolis/spellcheck-github-actions#326

Bump docker/metadata-action from 5.10.0 to 6.0.0 by @dependabot[bot] in rojopolis/spellcheck-github-actions#332

Bump docker/login-action from 3.7.0 to 4.0.0 by @dependabot[bot] in rojopolis/spellcheck-github-actions#333

Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 by @dependabot[bot] in rojopolis/spellcheck-github-actions#329

Bump docker/build-push-action from 6.19.2 to 7.0.0 by @dependabot[bot] in rojopolis/spellcheck-github-actions#330

Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 by @dependabot[bot] in rojopolis/spellcheck-github-actions#331

Bump python from 486b809 to 6a27522 by @dependabot[bot] in rojopolis/spellcheck-github-actions#325

More correct error message, issue #328 by @jonasbn in rojopolis/spellcheck-github-actions#334

Preparing release 0.60.0 by @jonasbn in rojopolis/spellcheck-github-actions#335

Full Changelog: rojopolis/spellcheck-github-actions@0.59.0...0.60.0

Changelog

Sourced from rojopolis/spellcheck-github-actions's changelog.

Change Log for spellcheck-github-actions

0.60, 2026-03-14, minor feature release, update not required

Docker based image updated for Python 3.14.3 slim trixie via PR #325 from Dependabot.

Cleaned up the error messaging, to address issue #328 from @akohout-hai, the error message is now more correct, but not improved in general

0.59.0, 2026-03-02, feature release, update recommended

Improvements have been added to the docker entrypoint, based on a PR from @akohout-hai which fixes an issue with handling of spaces in files names and directories, see PR #322 for details. This is his first contribution to the project and I want to thank him for his contribution, which is highly appreciated.

Docker based image updated to Python 3.14.3 slim trixie via PR #320 from Dependabot.

0.58.0, 2026-01-20, security release, update not required

A minor security issue in the dependency: pymdown-extensions, which is used by the core component PySpelling

GHSA-r6h4-mm7h-8pmq

Original issue: facelessuser/pymdown-extensions#2716

0.57.0, 2026-01-14, maintenance release, update not required

Docker based image updated to Python 3.14.2 slim trixie via PR #310 from Dependabot. The version is the same, the image has had updates.

0.56.0, 2025-12-27, feature and maintenance release, update not required

Support for Portuguese (Portugal and Brazil) for both Hunspell and Aspell, requested by: @mdiazgoncalves via issue #298

Docker image updated to Python 3.14.2 trixie slim Release notes for Python 3.14.2

0.55.0, 2025-11-27, maintenance release, update not required

Via an issue #293 from @shoverbj, an update to the core component PySpelling from version 2.12.0 to version 2.12.1 was made, this allows for use of large dictionaries with Aspell

0.54.0, 2025-11-05, feature release, update not required

PySpelling the core component has been updated to version 2.12.0, which introduces support for maximum available cores. The feature is described in the release notes for PySpelling 2.12.0. See the documentation for PySpelling.

The flag was introduced with release 2.10 of PySpelling, which was adopted in release 0.36.0 of this action.

0.53.0, 2025-10-25, maintenance release, update not required

Docker image updated to Python 3.14.0 trixie slim Release notes for Python 3.14.0, this originated from the PR mentioned below, however updated to Trixie from Bookworm and as always the slim variant is used

Bumped the requirement for cython to 3.0.11 or above, addressing a build issue with lxml, located when testing the PR : #274 from @dependabot, the above update of Python

In general the Docker build file had a few updates since the above changes required some tweaking of the Dockerfile

Order of installation of dependencies adjusted to ensure that lxml can build correctly

Installation of:

build-essential

pkg-config

... (truncated)

Commits

e3cd8e9 Merge pull request #335 from rojopolis/release_candidate_0.60.0
1d3820d Preparing release 0.60.0
bafc7d3 More correct error message, issue #328 (#334)
df486cb Added update of Docker base image
6d6eb52 Bump python from 486b809 to 6a27522 (#325)
631e4a7 Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#331)
ebefb9d Bump docker/build-push-action from 6.19.2 to 7.0.0 (#330)
b3b2580 Bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#329)
dc29b58 Bump docker/login-action from 3.7.0 to 4.0.0 (#333)
5d55413 Bump docker/metadata-action from 5.10.0 to 6.0.0 (#332)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | | [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) | `5.1.0` | `6.0.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.0.0` | | [ncipollo/release-action](https://github.com/ncipollo/release-action) | `1.20.0` | `1.21.0` | | [rojopolis/spellcheck-github-actions](https://github.com/rojopolis/spellcheck-github-actions) | `0.59.0` | `0.60.0` | Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@70fc10c...3e5f45b) Updates `geekyeggo/delete-artifact` from 5.1.0 to 6.0.0 - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Changelog](https://github.com/GeekyEggo/delete-artifact/blob/main/CHANGELOG.md) - [Commits](GeekyEggo/delete-artifact@f275313...176a747) Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@29824e6...f8d387b) Updates `ncipollo/release-action` from 1.20.0 to 1.21.0 - [Release notes](https://github.com/ncipollo/release-action/releases) - [Commits](ncipollo/release-action@b7eabc9...339a818) Updates `rojopolis/spellcheck-github-actions` from 0.59.0 to 0.60.0 - [Release notes](https://github.com/rojopolis/spellcheck-github-actions/releases) - [Changelog](https://github.com/rojopolis/spellcheck-github-actions/blob/master/CHANGELOG.md) - [Commits](rojopolis/spellcheck-github-actions@79c6662...e3cd8e9) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci - dependency-name: geekyeggo/delete-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: ncipollo/release-action dependency-version: 1.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: rojopolis/spellcheck-github-actions dependency-version: 0.60.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added component/github-actions Changes on GitHub Actions or within `.github/` directory kind/chore chore, maintenance, etc. kind/dependency dependency update, etc. kind/skip-release-notes Pull request will not appear in release notes labels Mar 16, 2026

dependabot Bot requested a review from a team as a code owner March 16, 2026 08:35

dependabot Bot added component/github-actions Changes on GitHub Actions or within `.github/` directory kind/skip-release-notes Pull request will not appear in release notes kind/dependency dependency update, etc. kind/chore chore, maintenance, etc. labels Mar 16, 2026

github-actions Bot added the size/s Small label Mar 16, 2026

matthiasbruns approved these changes Mar 16, 2026

View reviewed changes

matthiasbruns merged commit a8f20d8 into main Mar 16, 2026
20 checks passed

dependabot Bot deleted the dependabot/github_actions/ci-b6fa462858 branch March 16, 2026 08:57

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the ci group across 1 directory with 5 updates#1867

chore(deps): bump the ci group across 1 directory with 5 updates#1867
matthiasbruns merged 1 commit into
mainfrom
dependabot/github_actions/ci-b6fa462858

dependabot Bot commented on behalf of github Mar 16, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Mar 16, 2026

v8.0.1

What's Changed

v6.0.0

What's Changed

New Contributors

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

BREAKING CHANGES

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

v1.21.0

What's Changed

0.60.0

What's Changed

Change Log for spellcheck-github-actions

0.60, 2026-03-14, minor feature release, update not required

0.59.0, 2026-03-02, feature release, update recommended

0.58.0, 2026-01-20, security release, update not required

0.57.0, 2026-01-14, maintenance release, update not required

0.56.0, 2025-12-27, feature and maintenance release, update not required

0.55.0, 2025-11-27, maintenance release, update not required

0.54.0, 2025-11-05, feature release, update not required

0.53.0, 2025-10-25, maintenance release, update not required

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant