Skip to content

ci(deps): bump the github-actions group across 1 directory with 8 updates#146

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-2fb8b86eed
Open

ci(deps): bump the github-actions group across 1 directory with 8 updates#146
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-2fb8b86eed

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Dec 12, 2025
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 8 updates in the / directory:

Package From To
actions/checkout 5.0.0 6.0.1
github/codeql-action 3.29.8 4.31.8
actions/setup-node 4.4.0 6.1.0
actions/setup-java 4.7.1 5.1.0
actions/cache 4.3.0 5.0.1
gradle/actions 4.4.2 5.0.0
googleapis/release-please-action 4.2.0 4.4.0
actions/upload-artifact 4.6.2 6.0.0

Updates actions/checkout from 5.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates github/codeql-action from 3.29.8 to 4.31.8

Release notes

Sourced from github/codeql-action's releases.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

See the full CHANGELOG.md for more information.

v4.31.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

... (truncated)

Commits
  • 1b168cd Merge pull request #3355 from github/update-v4.31.8-1b0b941e1
  • 120f277 Update changelog for v4.31.8
  • 1b0b941 Merge pull request #3354 from github/update-bundle/codeql-bundle-v2.23.8
  • db812c1 Add changelog note
  • 2930dba Update default bundle to codeql-bundle-v2.23.8
  • c43362b Merge pull request #3340 from github/kaspersv/check-for-overlayBaseSpecifier
  • 002a7f2 Overlay: log overlayBaseSpecifier at debug log-level
  • 5b7e7fc Update src/codeql.ts
  • 149d184 Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a
  • 97c2630 Rebuild
  • Additional commits viewable in compare view

Updates actions/setup-node from 4.4.0 to 6.1.0

Release notes

Sourced from actions/setup-node's releases.

v6.1.0

What's Changed

Enhancement:

Dependency updates:

Documentation update:

Full Changelog: actions/setup-node@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

... (truncated)

Commits

Updates actions/setup-java from 4.7.1 to 5.1.0

Release notes

Sourced from actions/setup-java's releases.

v5.1.0

What's Changed

New Features

Bug Fixes & Improvements

Documentation changes

Dependency updates

New Contributors

Full Changelog: actions/setup-java@v5...v5.1.0

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Bug Fixes

... (truncated)

Commits
  • f2beeb2 Bump actions/publish-action from 0.3.0 to 0.4.0 (#912)
  • 4e7e684 feat: Add support for .sdkmanrc file in java-version-file parameter (#736)
  • 46c56d6 Add GitHub Token Support for GraalVM and Refactor Code (#849)
  • 66b9457 Update SapMachine URLs (#955)
  • 6ba5449 Enhance error logging for network failures to include endpoint/IP details, ad...
  • de5a937 adds microsoft openjdk25 builds (#927)
  • ead9eaa Update Regex to Support All ASDF Versions for the supported distributions in ...
  • 8c57fa3 Clarify JAVA_HOME and PATH setup in README (#841)
  • a7ab372 Bump prettier from 2.8.8 to 3.6.2 (#873)
  • d0351b4 Update documentation to use checkout and Java v5 (#903)
  • Additional commits viewable in compare view

Updates actions/cache from 4.3.0 to 5.0.1

Release notes

Sourced from actions/cache's releases.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

What's Changed

v5.0.0

What's Changed

Full Changelog: actions/cache@v5...v5.0.1

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

... (truncated)

Commits
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • d0a0e18 fix: update license files for @​actions/cache, fast-xml-parser, and strnum
  • 74de208 fix: update @​actions/cache to ^5.0.1 for Node.js 24 punycode fix
  • ac7f115 peer
  • b0f846b fix: update @​actions/cache with storage-blob fix for Node.js 24 punycode depr...
  • a783357 Merge pull request #1684 from actions/prepare-cache-v5-release
  • 3bb0d78 docs: highlight v5 runner requirement in releases
  • Additional commits viewable in compare view

Updates gradle/actions from 4.4.2 to 5.0.0

Release notes

Sourced from gradle/actions's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency upgrades

Full Changelog: gradle/actions@v4...v5.0.0

v4.4.4

What's Changed

Full Changelog: gradle/actions@v4...v4.4.4

v4.4.3

What's Changed

... (truncated)

Commits
  • 4d9f0ba Bump the github-actions group across 1 directory with 2 updates (#748)
  • 4b530e3 Bump the github-actions group across 1 directory with 2 updates
  • e60655a Upgrade to node 24 (#721)
  • 748248d Bump the npm-dependencies group in /sources with 5 updates (#745)
  • 81b68c9 Bump com.google.guava:guava from 33.4.8-jre to 33.5.0-jre in /.github/workflo...
  • 1361730 Bump com.google.guava:guava
  • a86ac11 Bump the npm-dependencies group in /sources with 5 updates
  • 182e4d3 [bot] Update dist directory
  • a48a0fa Update known wrapper checksums (#743)
  • 6d7d019 Update known wrapper checksums
  • Additional commits viewable in compare view

Updates googleapis/release-please-action from 4.2.0 to 4.4.0

Release notes

Sourced from googleapis/release-please-action's releases.

v4.4.0

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

v4.3.0

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)
Changelog

Sourced from googleapis/release-please-action's changelog.

Changelog

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)

4.2.0 (2025-03-07)

Features

  • support for skip-labeling parameter for GitHub action (#1066) (fb7f385)

4.1.5 (2025-02-27)

Bug Fixes

4.1.4 (2024-10-02)

Bug Fixes

  • bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group (#1015) (5ec1cbd)
  • bump release-please from 16.12.0 to 16.13.0 (#1030) (caa0464)
  • bump release-please from 16.13.0 to 16.14.0 (#1032) (b2a986c)
  • deps: update release-please to 16.14.1 (#1036) (2942e51)

4.1.3 (2024-06-10)

... (truncated)

Commits
  • 16a9c90 chore(main): release 4.4.0 (#1156)
  • e5c2aa4 chore: build dist (#1159)
  • 66fbfe9 fix: bump release-please from 17.1.2 to 17.1.3 (#1158)
  • 4cd397a chore: build dist (#1152)
  • ee0f5ba feat: add ability to select versioning-strategy and release-as (#1121)
  • 535c413 fix: changelog-host parameter ignored when using manifest configuration (#1...
  • 3612a99 fix: bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 dire...
  • 15209c4 chore: verify body contents when running tests (#1148)
  • bf90349 docs: Add body to Outputs (#1129)
  • 1cfb21c docs: adds missing github action permissions to README (#1108)
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 12, 2025
@dependabot
ci(deps): bump the github-actions group across 1 directory with 8 upd…
5916734 
…ates

Bumps the github-actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.8` | `4.31.8` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.1.0` |
| [actions/setup-java](https://github.com/actions/setup-java) | `4.7.1` | `5.1.0` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.1` |
| [gradle/actions](https://github.com/gradle/actions) | `4.4.2` | `5.0.0` |
| [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.2.0` | `4.4.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` |



Updates `actions/checkout` from 5.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...8e8c483)

Updates `github/codeql-action` from 3.29.8 to 4.31.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@76621b6...1b168cd)

Updates `actions/setup-node` from 4.4.0 to 6.1.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@49933ea...395ad32)

Updates `actions/setup-java` from 4.7.1 to 5.1.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4.7.1...f2beeb2)

Updates `actions/cache` from 4.3.0 to 5.0.1
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...9255dc7)

Updates `gradle/actions` from 4.4.2 to 5.0.0
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@v4.4.2...4d9f0ba)

Updates `googleapis/release-please-action` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@a02a34c...16a9c90)

Updates `actions/upload-artifact` from 4.6.2 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...b7c566a)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.8
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-java
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gradle/actions
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: googleapis/release-please-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-2fb8b86eed branch from e6c9229 to 5916734 Compare December 18, 2025 21:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants