Skip to content

build(deps): bump the actions group across 1 directory with 6 updates#131

Merged
kilbot merged 1 commit into
mainfrom
dependabot/github_actions/actions-95f21b80fb
May 25, 2026
Merged

build(deps): bump the actions group across 1 directory with 6 updates#131
kilbot merged 1 commit into
mainfrom
dependabot/github_actions/actions-95f21b80fb

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 12, 2026
edited
Loading

Bumps the actions group with 6 updates in the / directory:

Package From To
actions/checkout 4.3.1 6.0.2
pnpm/action-setup 4.2.0 6.0.8
actions/setup-node 4.4.0 6.4.0
actions/dependency-review-action 4.8.3 5.0.0
actions/upload-artifact 4.6.2 7.0.1
actions/download-artifact 4.3.0 8.0.1

Updates actions/checkout from 4.3.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates pnpm/action-setup from 4.2.0 to 6.0.8

Release notes

Sourced from pnpm/action-setup's releases.

v6.0.8

What's Changed

New Contributors

Full Changelog: pnpm/action-setup@v6.0.7...v6.0.8

v6.0.7

What's Changed

New Contributors

Full Changelog: pnpm/action-setup@v6.0.6...v6.0.7

v6.0.6

What's Changed

Full Changelog: pnpm/action-setup@v6.0.5...v6.0.6

v6.0.5

What's Changed

Full Changelog: pnpm/action-setup@v6.0.4...v6.0.5

v6.0.4

What's Changed

New Contributors

Full Changelog: pnpm/action-setup@v6.0.3...v6.0.4

v6.0.3

Updated pnpm to v11.0.0-rc.5

Full Changelog: pnpm/action-setup@v6.0.2...v6.0.3

... (truncated)

Commits
  • 0e279bb fix: update pnpm to 11.1.1 (#248)
  • 3e83581 fix: drop patchPnpmEnv so standalone+self-update works on Windows (#258)
  • 551b42e docs(README): fix cache_dependency_path type (#257)
  • 739bfe4 fix: self-update bootstrap to packageManager-pinned version (#233) (#256)
  • f61705d chore: add CODEOWNERS
  • 7a5507b fix: restore inputs from state in post (#255)
  • 1155470 fix: honor devEngines.packageManager.onFail=error (#252) (#254)
  • 91ab88e fix: bin_dest output points to self-updated pnpm, not bootstrap (#249)
  • e578e19 fix: update pnpm to 11.0.4
  • 8912a91 fix: append (not prepend) action node dir to PATH for npm bootstrap (#241)
  • Additional commits viewable in compare view

Updates actions/setup-node from 4.4.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.4.0

v6.3.0

What's Changed

Enhancements:

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

Bug fixes:

New Contributors

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

Dependency updates:

New Contributors

... (truncated)

Commits

Updates actions/dependency-review-action from 4.8.3 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

... (truncated)

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 12, 2026
@vercel
Copy link
Copy Markdown

vercel Bot commented Mar 12, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment May 25, 2026 6:57pm

@kilbot kilbot enabled auto-merge (squash) March 17, 2026 13:15
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from 8f41921 to 34b3584 Compare March 19, 2026 05:29
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from 34b3584 to 4c12aed Compare March 26, 2026 05:31
@wcpos-bot wcpos-bot Bot mentioned this pull request Apr 8, 2026
Closed
@kilbot kilbot mentioned this pull request Apr 15, 2026
Closed
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from 4c12aed to 668bee2 Compare April 16, 2026 05:24
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from 668bee2 to 6e7be27 Compare April 23, 2026 05:24
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from 6e7be27 to e26c50f Compare May 7, 2026 05:28
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from e26c50f to 3a9e3cc Compare May 14, 2026 05:28
@dependabot dependabot Bot changed the title chore(deps): bump the actions group across 1 directory with 6 updates build(deps): bump the actions group across 1 directory with 6 updates May 21, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from 3a9e3cc to 43cbc32 Compare May 21, 2026 05:33
@dependabot
build(deps): bump the actions group across 1 directory with 6 updates
2e1007e 
Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |
| [pnpm/action-setup](https://github.com/pnpm/action-setup) | `4.2.0` | `6.0.8` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.3` | `5.0.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |

Updates `actions/checkout` from 4.3.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@34e1148...de0fac2)

Updates `pnpm/action-setup` from 4.2.0 to 6.0.8
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@41ff726...0e279bb)

Updates `actions/setup-node` from 4.4.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@49933ea...48b55a0)

Updates `actions/dependency-review-action` from 4.8.3 to 5.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@05fe457...a1d282b)

Updates `actions/upload-artifact` from 4.6.2 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...043fb46)

Updates `actions/download-artifact` from 4.3.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@d3f86a1...3e5f45b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/dependency-review-action
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: pnpm/action-setup
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@wcpos-bot wcpos-bot Bot force-pushed the dependabot/github_actions/actions-95f21b80fb branch from 43cbc32 to 2e1007e Compare May 25, 2026 18:44
@wcpos-bot
Copy link
Copy Markdown
Contributor

wcpos-bot Bot commented May 25, 2026

Resolved the merge conflict and pushed a single rebased commit. No review threads or review-body findings were present.

Thread File Issue Decision Commit
Merge conflict sweep-docs-translations.yml translate.yml was deleted on main while the Dependabot branch updated action pins; the replacement sweep workflow still had old action pins. Kept main's translate.yml deletion and applied the Dependabot action bumps to current workflow files. 2e1007e

Excluded threads: none.

@kilbot kilbot merged commit d35aad9 into main May 25, 2026
7 checks passed
@kilbot kilbot deleted the dependabot/github_actions/actions-95f21b80fb branch May 25, 2026 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kilbot