chore(deps): bump the github-actions group across 1 directory with 12 updates by dependabot[bot] · Pull Request #25 · mach-composer/mach-composer-plugin-gcp

dependabot · 2026-05-08T14:02:16Z

Bumps the github-actions group with 12 updates in the / directory:

Package	From	To
actions/checkout	`4.3.1`	`6.0.2`
actions/setup-go	`3.6.1`	`6.4.0`
github/codeql-action	`4.35.2`	`4.35.3`
dependabot/fetch-metadata	`2.5.0`	`3.1.0`
miniscruff/changie-action	`2.0.0`	`3.0.0`
labd/changie-release-action	`0.3.1`	`0.6.1`
arduino/setup-task	`1.0.3`	`2.0.0`
codecov/codecov-action	`5.5.4`	`6.0.0`
actions/upload-artifact	`4.6.2`	`7.0.1`
goreleaser/goreleaser-action	`5.1.0`	`7.2.1`
actions/add-to-project	`1.0.2`	`2.0.0`
zizmorcore/zizmor-action	`0.5.2`	`0.5.3`

Updates actions/checkout from 4.3.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates actions/setup-go from 3.6.1 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Add go-download-base-url input for custom Go distributions by @gdams in actions/setup-go#721

Dependency update

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-go#727

Documentation update

Rearrange README.md, add advanced-usage.md by @priyagupta108 in actions/setup-go#724

Fix Microsoft build of Go link by @gdams in actions/setup-go#734

New Contributors

@gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Update default Go module caching to use go.mod by @priyagupta108 in actions/setup-go#705

Fix golang download url to go.dev by @178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

Example for restore-only cache in documentation by @aparnajyothi-y in actions/setup-go#696

Update Node.js version in action.yml by @ccoVeille in actions/setup-go#691

Documentation update of actions/checkout by @deining in actions/setup-go#683

Dependency updates

Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot in actions/setup-go#682

Upgrade @actions/cache to v5 by @salmanmkc in actions/setup-go#695

Upgrade actions/checkout from 5 to 6 by @dependabot in actions/setup-go#686

Upgrade qs from 6.14.0 to 6.14.1 by @dependabot in actions/setup-go#703

New Contributors

@ccoVeille made their first contribution in actions/setup-go#691

@deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in actions/setup-go#665

Add support for .tool-versions file and update workflow by @priya-kinthali in actions/setup-go#673

Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in actions/setup-go#674

... (truncated)

Commits

4a36011 docs: fix Microsoft build of Go link (#734)
8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
def8c39 Rearrange README.md, add advanced-usage.md (#724)
4b73464 Fix golang download url to go.dev (#469)
a5f9b05 Update default Go module caching to use go.mod (#705)
7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
Additional commits viewable in compare view

Updates github/codeql-action from 4.35.2 to 4.35.3

Release notes

Sourced from github/codeql-action's releases.

v4.35.3

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar 2026

Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767

Update default CodeQL bundle version to 2.25.1. #3773

4.34.1 - 20 Mar 2026

Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569

We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584

Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

To opt out of this change:

Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

... (truncated)

Commits

e46ed2c Merge pull request #3867 from github/update-v4.35.3-8c6e48dbe
b73d1d1 Add changelog entry for #3853
24e0bb0 Reorder changelog entries
ec298da Update changelog for v4.35.3
8c6e48d Merge pull request #3865 from github/update-bundle/codeql-bundle-v2.25.3
7190983 Add changelog note
2bb2095 Update default bundle to codeql-bundle-v2.25.3
7851e55 Merge pull request #3850 from github/mbg/private-registry/cloudsmith-gcp
262a15f Add generic non-printable chars test for OIDC configs
a6109b1 Merge pull request #3853 from github/mbg/start-proxy/improved-checks
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.5.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

Add permissions to all workflows by @truggeri in dependabot/fetch-metadata#687

build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @dependabot[bot] in dependabot/fetch-metadata#690

build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @dependabot[bot] in dependabot/fetch-metadata#693

build(deps-dev): bump @hono/node-server from 1.19.10 to 1.19.13 by @dependabot[bot] in dependabot/fetch-metadata#694

build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @dependabot[bot] in dependabot/fetch-metadata#695

Dynamically update the tracking tag in action by @truggeri in dependabot/fetch-metadata#696

fix: handle duplicate dependency names in parseMetadataLinks by @devantler in dependabot/fetch-metadata#700

fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @devantler in dependabot/fetch-metadata#698

Updates to README for permissions clarification by @truggeri in dependabot/fetch-metadata#697

fix: resolve update-type null for Python, Composer, and Terraform PRs by @vitorsdcs in dependabot/fetch-metadata#704

build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in dependabot/fetch-metadata#703

build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @dependabot[bot] in dependabot/fetch-metadata#701

build(deps): bump @actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @dependabot[bot] in dependabot/fetch-metadata#702

build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @dependabot[bot] in dependabot/fetch-metadata#705

v3.1.0 by @fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

@devantler made their first contribution in dependabot/fetch-metadata#700

@vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

feat: Parse versions from metadata links by @ppkarwasz in dependabot/fetch-metadata#632

Upgrade actions core and actions github packages by @truggeri in dependabot/fetch-metadata#649

docs: Add notes for using alert-lookup with App Token by @sue445 in dependabot/fetch-metadata#656

feat!: update Node.js version to v24 by @sturman in dependabot/fetch-metadata#671

Switch build tooling from ncc to esbuild by @truggeri in dependabot/fetch-metadata#676

Add --legal-comments=none to esbuild build commands by @jeffwidman in dependabot/fetch-metadata#679

Bump tsconfig target from es2022 to es2024 by @jeffwidman in dependabot/fetch-metadata#680

Remove vestigial outDir from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#681

Switch tsconfig module resolution to bundler by @jeffwidman in dependabot/fetch-metadata#682

Remove skipLibCheck from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#683

Add typecheck step to CI by @jeffwidman in dependabot/fetch-metadata#685

Enable noImplicitAny in tsconfig.json by @jeffwidman in dependabot/fetch-metadata#684

Upgrade @actions/core to ^3.0.0 by @truggeri in dependabot/fetch-metadata#677

Upgrade @actions/github to ^9.0.0 and @octokit/request-error to ^7.1.0 by @truggeri in dependabot/fetch-metadata#678

Bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in dependabot/fetch-metadata#651

Bump hono from 4.11.1 to 4.11.4 by @dependabot[bot] in dependabot/fetch-metadata#652

Bump hono from 4.11.4 to 4.11.7 by @dependabot[bot] in dependabot/fetch-metadata#653

Bump hono from 4.11.7 to 4.12.0 by @dependabot[bot] in dependabot/fetch-metadata#657

Bump qs from 6.14.1 to 6.14.2 by @dependabot[bot] in dependabot/fetch-metadata#655

Bump @modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @dependabot[bot] in dependabot/fetch-metadata#654

Bump @hono/node-server from 1.19.9 to 1.19.10 by @dependabot[bot] in dependabot/fetch-metadata#665

Bump hono from 4.12.2 to 4.12.5 by @dependabot[bot] in dependabot/fetch-metadata#664

... (truncated)

Commits

25dd0e3 v3.1.0 (#692)
e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
5168191 Updating dist build
23882e1 build(deps): bump @actions/github in the dependencies group
1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
Additional commits viewable in compare view

Updates miniscruff/changie-action from 2.0.0 to 3.0.0

Release notes

Sourced from miniscruff/changie-action's releases.

v3.0.0 on 2026-04-13

Changed

#335 Upgrade action runner to node24

v2.1.0 on 2025-09-06

Added

#209 Workdir argument to customize directory before running commands

Changed

#303 Args is now optional, not specifying args will just install changie to the path

Changelog

Sourced from miniscruff/changie-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, adheres to Semantic Versioning, and is generated by Changie.

v3.0.0 on 2026-04-13

Changed

#335 Upgrade action runner to node24

v2.1.0 on 2025-09-06

Added

#209 Workdir argument to customize directory before running commands

Changed

#303 Args is now optional, not specifying args will just install changie to the path

v2.0.0 on 2023-09-16

Changed

#182 Upgrade to Node v20 for action runtime

v1.0.1 on 2023-02-04

Fixed

#82 Remove requirement for github token when fetching latest version

v1.0.0 on 2023-01-26

No new features or changes, moving to v1 as the project is being used and it should be stable enough.

v0.2.0 on 2022-10-24

Changed

Set output to the result of running the changie command

v0.1.0 on 2022-10-22

Added

... (truncated)

Commits

11bcad3 Release v3.0.0 (#337)
5155546 update readme to v3 to then release
55f8de1 revert a few packages as they aren't supported together
c180a7c Bump the node-deps group across 1 directory with 9 updates (#336)
c48e03f include node in gen-release-pr in the right version
48fef0e update runner to node24
0839064 Bump the node-deps group across 1 directory with 7 updates (#332)
8da6a05 Bump the action-deps group across 1 directory with 2 updates (#331)
c803a76 Bump the node-deps group with 8 updates (#327)
656d047 Bump actions/setup-node from 6.1.0 to 6.2.0 in the action-deps group (#325)
Additional commits viewable in compare view

Updates labd/changie-release-action from 0.3.1 to 0.6.1

Changelog

Sourced from labd/changie-release-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, adheres to Semantic Versioning, and is generated by Changie.

v0.6.1 - 2026-03-27

Fixed

Added pinned hashes of used actions

v0.6.0 - 2025-03-03

Added

Added option to set a custom version during batching

v0.5.0 - 2024-09-17

Added

Updated action inputs to allow adding pull request labels

Dependency

Updated create-pull-request to v7

v0.4.0 - 2024-07-19

Added

Add option to specify changie version

v0.3.2 - 2024-05-17

Fixed

Updated peter-evans/create-pull-request to v6

v0.3.1 - 2023-11-14

Fixed

Fixed changelog body not being set correctly

v0.3.0 - 2023-04-22

Added

Add version-command variable to run custom commands to set a version

v0.2.0 - 2023-04-05

Added

Create a GitHub release with proper release notes

Fixed

Don't create a release when changie is first added

v0.1.1 - 2023-03-10

Fixed

Always run PR creation flow if a change file exists

v0.1.0 - 2023-03-07

Added

... (truncated)

Commits

1299f6b Merge pull request #23 from labd/release/v0.6.1
b009351 Release v0.6.1
7e1d82b chore: use correct change type
d0aa031 chore: added changie file
881423e chore: fix action versions hash
ac4d65e Merge pull request #21 from labd/release/v0.6.0
9c6f4ff Release v0.6.0
d6bd304 Merge pull request #20 from labd/feat/create-version
9569d9e feat: added option to set custom version
8501c67 Merge pull request #19 from labd/release/v0.5.0
Additional commits viewable in compare view

Updates arduino/setup-task from 1.0.3 to 2.0.0

Release notes

Sourced from arduino/setup-task's releases.

2.0.0

Migration Guide

The version of the Node.js runtime used to execute the action has been updated from 16 to 20. This could be a breaking change for certain GitHub Actions workflows.

If a workflow with dependency on the arduino/setup-task action uses only GitHub-hosted GitHub Actions runners, no changes are required.

If the workflow uses a self-hosted runner, the workflow run might fail after updating arduino/setup-task:
Error: System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values. (Parameter ''using: node20' is not supported, use 'docker', 'node12' or 'node16' instead.')
   at GitHub.Runner.Worker.ActionManifestManager.ConvertRuns(IExecutionContext executionContext, TemplateContext templateContext, TemplateToken inputsToken, String fileRelativePath, MappingToken outputs)
   at GitHub.Runner.Worker.ActionManifestManager.Load(IExecutionContext executionContext, String manifestFile)
Error: Fail to load arduino/setup-task/v2/action.yml
This means an older runner version that does not provide Node.js 20.x is installed on the runner machine and you must update the runner version.

Changelog

Breaking

Update Node.js runtime for action from 16 to 20 (#919)

Enhancement

Various dependency updates

Full Changeset

arduino/setup-task@1.0.3...2.0.0

Contributors

@gdraynz

Commits

b91d5d2 update readme (#929)
f2514b0 Bump node from 16 to 20 (#919)
2007903 Merge pull request #928 from arduino/dependabot/npm_and_yarn/prettier-3.2.5
3f2ef95 build(deps-dev): bump prettier from 3.2.2 to 3.2.5
88d658b Merge pull request #927 from arduino/dependabot/npm_and_yarn/types/node-16.18.79
b79a1c3 build(deps-dev): bump @types/node from 16.18.78 to 16.18.79
5abddba Merge pull request #926 from arduino/dependabot/npm_and_yarn/types/node-16.18.78
b3e99c0 build(deps-dev): bump @types/node from 16.18.76 to 16.18.78
4145542 Merge pull request #924 from arduino/dependabot/npm_and_yarn/typescript-eslin...
10406e6 build(deps-dev): bump @typescript-eslint/parser from 6.19.1 to 6.20.0
Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.4 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @thomasrockhu-codecov in codecov/codecov-action#1929

Th/6.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in Description has been truncated

… updates Bumps the github-actions group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `3.6.1` | `6.4.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.2` | `4.35.3` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` | | [miniscruff/changie-action](https://github.com/miniscruff/changie-action) | `2.0.0` | `3.0.0` | | [labd/changie-release-action](https://github.com/labd/changie-release-action) | `0.3.1` | `0.6.1` | | [arduino/setup-task](https://github.com/arduino/setup-task) | `1.0.3` | `2.0.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.4` | `6.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `5.1.0` | `7.2.1` | | [actions/add-to-project](https://github.com/actions/add-to-project) | `1.0.2` | `2.0.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.2` | `0.5.3` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.3.1...de0fac2) Updates `actions/setup-go` from 3.6.1 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3.6.1...4a36011) Updates `github/codeql-action` from 4.35.2 to 4.35.3 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@95e58e9...e46ed2c) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@21025c7...25dd0e3) Updates `miniscruff/changie-action` from 2.0.0 to 3.0.0 - [Release notes](https://github.com/miniscruff/changie-action/releases) - [Changelog](https://github.com/miniscruff/changie-action/blob/main/CHANGELOG.md) - [Commits](miniscruff/changie-action@6dcc253...11bcad3) Updates `labd/changie-release-action` from 0.3.1 to 0.6.1 - [Release notes](https://github.com/labd/changie-release-action/releases) - [Changelog](https://github.com/labd/changie-release-action/blob/main/CHANGELOG.md) - [Commits](labd/changie-release-action@851d6ab...1299f6b) Updates `arduino/setup-task` from 1.0.3 to 2.0.0 - [Release notes](https://github.com/arduino/setup-task/releases) - [Commits](arduino/setup-task@v1.0.3...b91d5d2) Updates `codecov/codecov-action` from 5.5.4 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@75cd116...57e3a13) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...043fb46) Updates `goreleaser/goreleaser-action` from 5.1.0 to 7.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@v5.1.0...1a80836) Updates `actions/add-to-project` from 1.0.2 to 2.0.0 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](actions/add-to-project@244f685...5afcf98) Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.3 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](zizmorcore/zizmor-action@71321a2...b1d7e1f) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: miniscruff/changie-action dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: labd/changie-release-action dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: arduino/setup-task dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/add-to-project dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 8, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the github-actions group across 1 directory with 12 updates#25

chore(deps): bump the github-actions group across 1 directory with 12 updates#25
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-1310349a4b

dependabot Bot commented on behalf of github May 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 8, 2026

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

v6.3.0

What's Changed

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

v6.1.0

What's Changed

Enhancements

v4.35.3

CodeQL Action Changelog

[UNRELEASED]

4.35.3 - 01 May 2026

4.35.2 - 15 Apr 2026

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar 2026

4.34.1 - 20 Mar 2026

4.34.0 - 20 Mar 2026

4.33.0 - 16 Mar 2026

v3.1.0

What's Changed

New Contributors

v3.0.0

What's Changed

v3.0.0 on 2026-04-13

Changed

v2.1.0 on 2025-09-06

Added

Changed

Changelog

v3.0.0 on 2026-04-13

Changed

v2.1.0 on 2025-09-06

Added

Changed

v2.0.0 on 2023-09-16

Changed

v1.0.1 on 2023-02-04

Fixed

v1.0.0 on 2023-01-26

v0.2.0 on 2022-10-24

Changed

v0.1.0 on 2022-10-22

Added