Skip to content

chore(deps): bump the github-actions group with 9 updates #2981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 3, 2025
Merged

chore(deps): bump the github-actions group with 9 updates #2981

merged 1 commit into from
Feb 3, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 2, 2025

Bumps the github-actions group with 9 updates:

Package From To
step-security/harden-runner 2.10.2 2.10.4
actions/upload-artifact 4.4.3 4.6.0
aws-actions/configure-aws-credentials 4.0.2 4.0.3
codecov/codecov-action 5.0.7 5.3.1
peter-evans/create-pull-request 7.0.5 7.0.6
github/codeql-action 3.27.5 3.28.8
actions/cache 4.1.2 4.2.0
JamesIves/github-pages-deploy-action 4.7.1 4.7.2
actions/setup-dotnet 4.0.1 4.3.0

Updates step-security/harden-runner from 2.10.2 to 2.10.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.10.4

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

Commits

Updates actions/upload-artifact from 4.4.3 to 4.6.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

Commits
  • 65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
  • 0207619 move files back to satisfy licensed ci
  • 1ecca81 licensed cache updates
  • 9742269 Expose env vars to controll concurrency and timeout
  • 6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
  • c40c16d add new artifact-digest output
  • 735efb4 bump @​actions/artifact from 2.1.11 to 2.2.0
  • 184d73b Merge pull request #578 from hamirmahal/fix/deprecated-nodejs-usage-in-action
  • b4a0a98 Merge branch 'main' into fix/deprecated-nodejs-usage-in-action
  • See full diff in compare view

Updates aws-actions/configure-aws-credentials from 4.0.2 to 4.0.3

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v4.0.3

4.0.3 (2025-01-27)

Features

  • added release-please action config (0f88004)

Bug Fixes

  • add id-token permission to automerge (97834a4)
  • cpy syntax on npm package (#1195) (83b5a56)
  • force push packaged files to main (bfd2185)

Miscellaneous Chores

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

4.0.3 (2025-01-27)

Features

  • added release-please action config (0f88004)

Bug Fixes

  • add id-token permission to automerge (97834a4)
  • cpy syntax on npm package (#1195) (83b5a56)
  • force push packaged files to main (bfd2185)

Miscellaneous Chores

4.0.2 (2024-02-09)

  • Revert 4.0.1 to remove warning

4.0.1 (2023-10-03)

Documentation

  • Throw a warning when customers use long-term credentials.

4.0.0 (2023-09-11)

  • Upgraded runtime to node20 from node16

3.0.2 (2023-09-07)

Bug Fixes

3.0.1 (2023-08-24)

Features

  • Can configure special-characters-workaround to keep retrying credentials if the returned credentials have special characters (Fixes #599)

Bug Fixes

... (truncated)

Commits
  • 4fc4975 Merge pull request #1273 from aws-actions/release-please--branches--main--com...
  • 47ce154 chore(main): release 4.0.3
  • d700acb Merge pull request #1266 from aws-actions/release-please-integration
  • ca00fd4 chore: release 4.0.3
  • 0f88004 feat: added release-please action config
  • f171d5c chore: Update dist
  • 2c187c9 chore(deps): bump @​smithy/node-http-handler from 3.2.5 to 4.0.1 (#1251)
  • 97834a4 fix: add id-token permission to automerge
  • 16ffc4e chore: remove mergify (#1196)
  • b47a851 chore(deps-dev): bump @​types/node from 22.8.7 to 22.9.0 (#1197)
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.0.7 to 5.3.1

Release notes

Sourced from codecov/codecov-action's releases.

v5.3.1

What's Changed

Full Changelog: codecov/codecov-action@v5.3.0...v5.3.1

v5.3.0

What's Changed

Full Changelog: codecov/codecov-action@v5.2.0...v5.3.0

v5.2.0

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v5.1.2...v5.2.0

v5.1.2

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5.3.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1

v5.3.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0

v5.2.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0

v5.1.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.1.1..v5.1.2

v5.1.1

What's Changed

... (truncated)

Commits

Updates peter-evans/create-pull-request from 7.0.5 to 7.0.6

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.6

⚙️ Fixes an issue with commit signing where unicode characters in file paths were not preserved.

What's Changed

New Contributors

... (truncated)

Commits
  • 67ccf78 fix: preserve unicode in filepaths when commit signing (#3588)
  • bb88e27 build: update distribution (#3583)
  • b378ed5 build(deps): bump p-limit from 6.1.0 to 6.2.0 (#3578)
  • fa9200e build(deps-dev): bump @​types/node from 18.19.67 to 18.19.68 (#3570)
  • 16e0059 build(deps-dev): bump prettier from 3.4.1 to 3.4.2 (#3560)
  • 5bffd5a build(deps-dev): bump eslint-import-resolver-typescript (#3559)
  • a22a0dd build(deps-dev): bump prettier from 3.4.0 to 3.4.1 (#3544)
  • b27ce37 build(deps-dev): bump @​types/node from 18.19.66 to 18.19.67 (#3543)
  • 4e0cc19 build(deps): bump @​octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 (#3542)
  • 25b6871 docs: update scopes for push-to-fork
  • Additional commits viewable in compare view

Updates github/codeql-action from 3.27.5 to 3.28.8

Release notes

Sourced from github/codeql-action's releases.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

See the full CHANGELOG.md for more information.

v3.28.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

See the full CHANGELOG.md for more information.

v3.28.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.8 - 29 Jan 2025

  • Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

  • Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

  • Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

  • Update default CodeQL bundle version to 2.20.2. #2707
  • Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710
  • Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

  • CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677
  • Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

  • Bump the minimum CodeQL bundle version to 2.15.5. #2655
  • Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

... (truncated)

Commits
  • dd74661 Merge pull request #2746 from github/update-v3.28.8-a91a3f767
  • 3210a3c Fix Kotlin version in changelog
  • 72f9d02 Update changelog for v3.28.8
  • a91a3f7 Merge pull request #2744 from github/igfoo/kot2.1.10
  • c520fb5 Merge pull request #2745 from github/mergeback/v3.28.7-to-main-6e545590
  • 3879c57 Add changelog entry
  • 0c21937 Run "npm run build"
  • 5a61bf0 Kotlin: The 2.20.3 release supports Kotlin 2.1.10.
  • 163d119 Update checked-in dependencies
  • bcf5cec Update changelog and version after v3.28.7
  • Additional commits viewable in compare view

Updates actions/cache from 4.1.2 to 4.2.0

Release notes

Sourced from actions/cache's releases.

v4.2.0

⚠️ Important Changes

The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

Read more about the change & access the migration guide: reference to the announcement.

Minor changes

Minor and patch version updates for these dependencies:

  • @​actions/core: 1.11.1
  • @​actions/io: 1.1.3
  • @​vercel/ncc: 0.38.3

Full Changelog: actions/cache@v4...v4.2.0

Changelog

Sourced from actions/cache's changelog.

Releases

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

  • Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
  • Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

  • Restore original behavior of cache-hit output - #1467

4.1.0

  • Ensure cache-hit output is set when a cache is missed - #1404
  • Deprecate save-always input - #1452

4.0.2

  • Fixed restore fail-on-cache-miss not working.

4.0.1

  • Updated isGhes check

4.0.0

  • Updated minimum runner version support from node 12 -> node 20

3.4.0

  • Integrated with the new cache service (v2) APIs

3.3.3

  • Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
  • Additional audit fixes of npm package(s)

... (truncated)

Commits

Updates JamesIves/github-pages-deploy-action from 4.7.1 to 4.7.2

Release notes

Sourced from JamesIves/github-pages-deploy-action's releases.

v4.7.2

What's Changed

Bug Fixes 🐝

Build 🔧

Full Changelog: JamesIves/github-pages-deploy-action@v4.7.1...v4.7.2

Commits
  • 15de0f0 Deploy Production Code for Commit d5dce9b90a6d5a8ff3cf3d2d8e6762aeddcc8026 🚀
  • d5dce9b Merge branch 'dev' into releases/v4
  • 389b85f fix: enable rsync mkpath to be backwards compatible (#1757)
  • 12622a2 build(deps): bump the misc group across 1 directory with 2 updates (#1756)
  • 588d83f Release 4.7.1 📣
  • See full diff in compare view

Updates actions/setup-dotnet from 4.0.1 to 4.3.0

Release notes

Sourced from actions/setup-dotnet's releases.

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/setup-dotnet@v4...v4.3.0

v4.2.0

What's Changed

@dependabot
chore(deps): bump the github-actions group with 9 updates
3e074d9 
Bumps the github-actions group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.2` | `2.10.4` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `4.6.0` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.0.2` | `4.0.3` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.0.7` | `5.3.1` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.5` | `7.0.6` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.27.5` | `3.28.8` |
| [actions/cache](https://github.com/actions/cache) | `4.1.2` | `4.2.0` |
| [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) | `4.7.1` | `4.7.2` |
| [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4.0.1` | `4.3.0` |


Updates `step-security/harden-runner` from 2.10.2 to 2.10.4
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@0080882...cb605e5)

Updates `actions/upload-artifact` from 4.4.3 to 4.6.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b4b15b8...65c4c4a)

Updates `aws-actions/configure-aws-credentials` from 4.0.2 to 4.0.3
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@e3dd6a4...4fc4975)

Updates `codecov/codecov-action` from 5.0.7 to 5.3.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@015f24e...13ce06b)

Updates `peter-evans/create-pull-request` from 7.0.5 to 7.0.6
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@5e91468...67ccf78)

Updates `github/codeql-action` from 3.27.5 to 3.28.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f09c1c0...dd74661)

Updates `actions/cache` from 4.1.2 to 4.2.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6849a64...1bd1e32)

Updates `JamesIves/github-pages-deploy-action` from 4.7.1 to 4.7.2
- [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases)
- [Commits](JamesIves/github-pages-deploy-action@dc18a3c...15de0f0)

Updates `actions/setup-dotnet` from 4.0.1 to 4.3.0
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@6bd8b7f...3951f0d)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: aws-actions/configure-aws-credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: JamesIves/github-pages-deploy-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-dotnet
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner February 2, 2025 00:01
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 2, 2025
@tippmar-nr tippmar-nr merged commit d88add5 into main Feb 3, 2025
17 checks passed
@tippmar-nr tippmar-nr deleted the dependabot/github_actions/github-actions-08f35854bd branch February 3, 2025 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tippmar-nr tippmar-nr tippmar-nr approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tippmar-nr