chore: batch dependabot updates 2026-07-09#55
Merged
Conversation
…updates Bumps the github-actions group with 5 updates in the /.github/actions/setup-toolchain directory: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `6.4.0` | `6.5.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `5.2.0` | `5.4.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.308.0` | `1.316.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` | Updates `actions/setup-go` from 6.4.0 to 6.5.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@4a36011...924ae3a) Updates `actions/setup-java` from 5.2.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@be666c2...1bcf9fb) Updates `actions/setup-python` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a309ff8...ece7cb0) Updates `ruby/setup-ruby` from 1.308.0 to 1.316.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@97ecb7b...d45b1a4) Updates `actions/cache` from 5.0.5 to 6.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@27d5ce7...55cc834) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-java dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ruby/setup-ruby dependency-version: 1.314.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
…updates Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [denoland/setup-deno](https://github.com/denoland/setup-deno) | `2.0.4` | `2.0.5` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.4.0` | `6.5.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.1` | `9.3.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` | | [apache/skywalking-eyes/header](https://github.com/apache/skywalking-eyes) | `ab3d1fe50d23f9c82eff489297167e2dde8ba6cb` | `29bd646002b63bb4c0ed1648d1654c35fb8ff027` | Updates `actions/checkout` from 6.0.3 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@df4cb1c...9c091bb) Updates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@7b1f4a7...fc324d3) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@d6db901...cd2ce8f) Updates `denoland/setup-deno` from 2.0.4 to 2.0.5 - [Release notes](https://github.com/denoland/setup-deno/releases) - [Commits](denoland/setup-deno@667a34c...22d081f) Updates `actions/setup-go` from 6.4.0 to 6.5.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@4a36011...924ae3a) Updates `golangci/golangci-lint-action` from 9.2.1 to 9.3.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@82606bf...ba0d7d2) Updates `actions/cache` from 5.0.5 to 6.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@27d5ce7...55cc834) Updates `apache/skywalking-eyes/header` from ab3d1fe50d23f9c82eff489297167e2dde8ba6cb to 29bd646002b63bb4c0ed1648d1654c35fb8ff027 - [Release notes](https://github.com/apache/skywalking-eyes/releases) - [Changelog](https://github.com/apache/skywalking-eyes/blob/main/CHANGES.md) - [Commits](apache/skywalking-eyes@ab3d1fe...29bd646) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: apache/skywalking-eyes/header dependency-version: 29bd646002b63bb4c0ed1648d1654c35fb8ff027 dependency-type: direct:production dependency-group: github-actions - dependency-name: denoland/setup-deno dependency-version: 2.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 9.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Batch dependabot updates — 2026-07-09
Branch:
chore/batch-dependabot-2026-07-09(2 commits, based onorigin/main@d7c538ecc)PR title:
chore(deps): batch dependabot updates 2026-07-09Summary
Batches the open dependabot github-actions updates into a single PR by cherry-picking each dependabot commit.
actions/cacheactions/checkoutdf4cb1c0…9c091bb2…actions/setup-goactions/setup-javaactions/setup-pythonruby/setup-rubydenoland/setup-deno667a34cd…22d081ff…Touches:
setup-toolchain/action.yml+ 6 workflows (deploy-pages,e2e_pr_tests,pr_checks,prepare-release,release,sdk_publish).Closes
Closes #3
Closes #36
Excluded
#8 (pip-prod group, 14 updates) is excluded — do not merge as-is, two independent blockers:
urllib3floor to>=2.7.0, which requires Python ≥ 3.10, while all Python packages declarerequires-python >= 3.9.poetry lockfails to solve (urllib3 is forbidden).pyproject.tomlfiles are generated;hack/python-client/postprocess.shforce-pins the urllib3 floor back to2.1.0on everyyarn generate:api-client, so the next regeneration reverts the bump and the "generated clients out of date" CI gate fails.Suggested follow-up for #8: bump the floors in the generator templates/postprocess (and decide whether to drop py3.9 first), and add a dependabot
ignore/exclusion for generated client manifests so it stops proposing un-mergeable bumps there.Conflict resolutions during cherry-pick
default_image_publish.yamlandtranslate.yaml(from chore(deps): Bump the github-actions group across 1 directory with 8 updates #36): kept deleted — these workflows were intentionally removed on main by the monorepo-cruft cleanup (chore: remove monorepo-migration cruft, pin CI poetry to 2.3.2, and properly deprecate daytona_sdk #46); bumps to deleted files are moot.e2e_pr_tests.yamlmerged cleanly into the rewritten parallel-e2e version of the file.Validation
actionlintclean on all changed workflow files (composite-action false positives and the knownblacksmith-*runner-label warning aside).poetry locksolves with zero lock drift after excluding chore(deps): Bump the pip-prod group across 5 directories with 14 updates #8.Risk notes
actions/cachev5 → v6 is a major bump; used inpr_checks.yaml+setup-toolchain/action.yml. Cache actions have historically been drop-in across majors, but the first CI run on this PR is the real verification — watch the cache save/restore steps.Summary by cubic
Batch updates GitHub Actions across workflows to keep CI current and pins consistent. Major bumps to
actions/checkoutv7 andactions/cachev6; closes #3 and #36.Dependencies
actions/checkoutv7.0.0,actions/cachev6.1.0actions/setup-gov6.5.0,actions/setup-javav5.4.0,actions/setup-pythonv6.3.0,ruby/setup-rubyv1.316.0,actions/upload-pages-artifactv5.0.0,actions/deploy-pagesv5.0.0,denoland/setup-denov2.0.5,golangci/golangci-lint-actionv9.3.0,apache/skywalking-eyes/headerupdatedMigration
actions/cacherestore/save steps.Written for commit 8483368. Summary will update on new commits.