Skip to content

Update github-actions#157

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-actions
Open

Update github-actions#157
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-actions

Conversation

@renovate

@renovate renovate Bot commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
astral-sh/setup-uv action minor v8.1.0v8.3.2
github/codeql-action action minor v4.36.0v4.37.0
shivammathur/setup-php action patch v2.37.12.37.2
softprops/action-gh-release action patch v3.0.0v3.0.1
stefanzweifel/git-auto-commit-action action minor v7.1.0v7.2.0
step-security/harden-runner action minor v2.19.4v2.20.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

astral-sh/setup-uv (astral-sh/setup-uv)

v8.3.2

Compare Source

v8.3.1

Compare Source

v8.3.0

Compare Source

v8.2.0: 🌈 New inputs quiet and download-from-astral-mirror

Compare Source

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details.
In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes
🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates
github/codeql-action (github/codeql-action)

v4.37.0

Compare Source

  • Update default CodeQL bundle version to 2.26.0. #​3995
  • In addition to the existing input format, the config-file input for the codeql-action/init step will soon support a new [owner/]repo[@​ref][:path] format. All components except the repository name are optional. If omitted, owner defaults to the same owner as the repository the analysis is running for, ref to main, and path to .github/codeql-action.yaml. Support for this format ships in this version of the CodeQL Action, but will only be enabled over the coming weeks. #​3973

v4.36.3

Compare Source

No user facing changes.

v4.36.2

Compare Source

  • Cache CodeQL CLI version information across Actions steps. #​3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #​3937
  • Update default CodeQL bundle version to 2.25.6. #​3948

v4.36.1

Compare Source

No user facing changes.

shivammathur/setup-php (shivammathur/setup-php)

v2.37.2

Compare Source

Changelog
  • Fixed macOS setup by marking shivammathur/php and shivammathur/extensions as trusted taps.

  • Switched to Visual Studio 18 (vs18) builds for PHP 8.6 on Windows.

  • Improved looking up environment variables.

  • Tightened security in internal GitHub action workflows.

  • Updated Node.js dependencies.

For the complete list of changes, please refer to the Full Changelog

Follow for updates

setup-php reddit setup-php twitter setup-php status

softprops/action-gh-release (softprops/action-gh-release)

v3.0.1

Compare Source

3.0.1

  • maintenance release with updated dependencies
stefanzweifel/git-auto-commit-action (stefanzweifel/git-auto-commit-action)

v7.2.0

Compare Source

Added
Fixed
Dependency Updates
step-security/harden-runner (step-security/harden-runner)

v2.20.0

Compare Source

What's Changed
  • Support for block policy for MacOS and Windows GitHub-hosted runners
  • Support for Bitrise MacOS GitHub Actions runners
  • HTTPS monitoring support for Bun for Linux runners (enterprise tier)

Full Changelog: step-security/harden-runner@v2.19.4...v2.20.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Comment thread .github/workflows/lint-workflows.yml Fixed
Comment thread .github/workflows/lint-workflows.yml Fixed
Comment thread .github/workflows/lint-workflows.yml Outdated

- name: Install the latest version of uv
uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0
@renovate renovate Bot force-pushed the renovate/github-actions branch from 14adca8 to 728789d Compare June 8, 2026 16:52
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: "Install PHP"
uses: "shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc" # v2.37.1
uses: "shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240" # 2.37.2

- name: "Install PHP"
uses: "shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc" # v2.37.1
uses: "shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240" # 2.37.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
- name: "Install PHP"
uses: "shivammathur/setup-php@7c071dfe9dc99bdf297fa79cb49ea005b9fcadbc" # v2.37.1
uses: "shivammathur/setup-php@f3e473d116dcccaddc5834248c87452386958240" # 2.37.2
@renovate renovate Bot force-pushed the renovate/github-actions branch from 728789d to a5089e4 Compare June 11, 2026 13:58
@renovate renovate Bot force-pushed the renovate/github-actions branch from a5089e4 to ef89b2d Compare June 19, 2026 15:31

- name: "Create release"
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3.0.1
@renovate renovate Bot force-pushed the renovate/github-actions branch 2 times, most recently from f87ccba to 5d48767 Compare June 28, 2026 09:45
- name: "Commit changes"
if: github.event_name != 'pull_request'
uses: "stefanzweifel/git-auto-commit-action@04702edda442b2e678b25b537cec683a1493fcb9" # v7.1.0
uses: "stefanzweifel/git-auto-commit-action@4a55954c782fc1ea30b9056cd3e7a2b40ca8887d" # v7.2.0
@renovate renovate Bot force-pushed the renovate/github-actions branch 3 times, most recently from 5f7e0b2 to c02c51c Compare July 7, 2026 15:48
@renovate renovate Bot force-pushed the renovate/github-actions branch from c02c51c to 5b0628c Compare July 8, 2026 12:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant