build(deps): bump the github-actions group across 1 directory with 11 updates

[dependabot]

Bumps the github-actions group with 11 updates in the / directory:

Package	From	To
actions/checkout	6.0.0	6.0.1
shivammathur/setup-php	2.35.5	2.36.0
github/codeql-action	4.31.5	4.31.9
actions/setup-node	6.0.0	6.1.0
cypress-io/github-action	6.10.4	6.10.8
actions/upload-artifact	5.0.0	6.0.0
codecov/codecov-action	5.5.1	5.5.2
codecov/test-results-action	1.1.1	1.2.1
LizardByte/actions	2025.1028.23217	2025.1227.191137
peter-evans/create-pull-request	7.0.9	8.0.0
actions/stale	10.1.0	10.1.1

Updates actions/checkout from 6.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

• Update all references from v5 and v4 to v6 by @​ericsciple in actions/checkout#2314
• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327
• Clarify v6 README by @​ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

Commits

• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• See full diff in compare view

Updates shivammathur/setup-php from 2.35.5 to 2.36.0

Release notes

Sourced from shivammathur/setup-php's releases.

2.36.0

Changelog

• Added support for PHP 8.5 stable release.

- name: Setup PHP 8.5 (stable)
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'

• Added support for PHP 8.6.0-dev. Specifying 8.6 in the php-version input should now set up a nightly build from the master branch of php-src. (#1002)

- name: Setup PHP 8.6.0-dev
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.6'

• Added support for pdo_ibm and ibm_db2 extensions.

- name: Setup PHP with pdo_ibm and ibm_db2 extensions
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    extensions: pdo_ibm, ibm_db2

• Added support to install blackfire extension on PHP 8.5.

- name: Setup PHP with blackfire extension
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    extensions: blackfire

• Improved support to detect the required libraries when building from source for common extensions. For example installing gnupg from source would install the required libgpgme library automatically. (#1021)

- name: Setup PHP with amqp extension
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.5'
    extensions: gnupg-1.5.4

... (truncated)

Commits

• 44454db Fix check_lists in ppa.sh
• 9d7558f Revert to using php-builder for PHP 8.3 and above for self-hosted
• 7bf05c6 Update README
• 5daa53f Fix shellcheck in darwin.sh
• e8f032a Fix linking
• f96e84a Bump version to 2.36.0
• 4abbbd6 Fix build pdo_oci on macos for PHP 7.0
• a19278e Update actions/checkout to v6
• 4364ed4 Merge pull request #1030 from shivammathur/dependabot/github_actions/develop/...
• 8dcd37f Improve macos php setup
• Additional commits viewable in compare view

Updates github/codeql-action from 4.31.5 to 4.31.9

Release notes

Sourced from github/codeql-action's releases.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

• Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

• Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

• Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

• CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
• Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

• The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

• Bump minimum CodeQL bundle version to 2.17.6. #3223
• When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

... (truncated)

Commits

• 5d4e8d1 Merge pull request #3371 from github/update-v4.31.9-998798e34
• 1dc115f Update changelog for v4.31.9
• 998798e Merge pull request #3352 from github/nickrolfe/jar-min-ff-cleanup
• 5eb7519 Merge pull request #3358 from github/henrymercer/database-upload-telemetry
• d29eddb Extract version number to constant
• e962687 Merge branch 'main' into henrymercer/database-upload-telemetry
• 19c7f96 Rename isOverlayBase
• ae5de9a Use getErrorMessage in log too
• 0cb8633 Prefer performance.now()
• c07cc0d Merge pull request #3351 from github/henrymercer/ghec-dr-determine-tools-vers...
• Additional commits viewable in compare view

Updates actions/setup-node from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-node's releases.

v6.1.0

What's Changed

Enhancement:

• Remove always-auth configuration handling by @​priyagupta108 in actions/setup-node#1436

Dependency updates:

• Upgrade @​actions/cache from 4.0.3 to 4.1.0 by @​dependabot[bot] in actions/setup-node#1384
• Upgrade actions/checkout from 5 to 6 by @​dependabot[bot] in actions/setup-node#1439
• Upgrade js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in actions/setup-node#1435

Documentation update:

• Add example for restore-only cache in documentation by @​aparnajyothi-y in actions/setup-node#1419

Full Changelog: actions/setup-node@v6...v6.1.0

Commits

• 395ad32 Bump js-yaml from 3.14.1 to 3.14.2 (#1435)
• a4d2e2b Bump actions/checkout from 5 to 6 (#1439)
• b9b25d4 Remove always-auth configuration handling from action (#1436)
• 633bb92 Bump @​actions/cache from 4.0.3 to 4.1.0 (#1384)
• dda4788 Add example for restore-only cache in documentation (#1419)
• See full diff in compare view

Updates cypress-io/github-action from 6.10.4 to 6.10.8

Release notes

Sourced from cypress-io/github-action's releases.

v6.10.8

6.10.8 (2025-12-15)

Bug Fixes

• deps: update @​octokit/core to 7.0.6 (#1615) (2ad32e6)

v6.10.7

6.10.7 (2025-12-15)

Bug Fixes

• deps: update GitHub actions/toolkit dependencies (#1612) (fa1d27a)

v6.10.6

6.10.6 (2025-12-12)

Bug Fixes

• deps: update next to 16.0.10 (#1607) (d842ab1)

v6.10.5

6.10.5 (2025-12-10)

Bug Fixes

• deps: update next to 16.0.8 (#1604) (e3ff965)

Commits

• 2ad32e6 fix(deps): update @​octokit/core to 7.0.6 (#1615)
• fa1d27a fix(deps): update GitHub actions/toolkit dependencies (#1612)
• 1df92a4 test(deps): update upload- & download-artifact to node24 versions (#1611)
• 9dc17a7 test(deps): update actions/cache to v5 (#1606)
• 1ada3d0 docs: update http://on.cypress.io/ to https (#1605)
• d842ab1 fix(deps): update next to 16.0.10 (#1607)
• 33e67f1 chore(deps): update actions/checkout to v6 (#1603)
• e3ff965 fix(deps): update next to 16.0.8 (#1604)
• 269d755 chore(deps): update cypress to 15.7.1 (#1599)
• 3826585 test(deps): update next to 16.0.7 (#1600)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 5.0.0 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits

• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• ddc45ed docs: update README to correct action name for Node.js 24 support
• 615b319 chore: release v6.0.0 for Node.js 24 support
• 017748b Merge pull request #744 from actions/fix-storage-blob
• 38d4c79 chore: rebuild dist
• 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
• 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
• 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
• b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
• Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.1 to 5.5.2

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.2

What's Changed

• check gpg only when skip-validation = false by @​maxweng-sentry in codecov/codecov-action#1894
• chore: disable_search alignment by @​freemanzMrojo in codecov/codecov-action#1881
• chore(release): 5.5.2 by @​thomasrockhu-codecov in codecov/codecov-action#1902

New Contributors

• @​maxweng-sentry made their first contribution in codecov/codecov-action#1894
• @​freemanzMrojo made their first contribution in codecov/codecov-action#1881

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• 671740a chore(release): 5.5.2 (#1902)
• 96b38e9 chore: disable_search alignment (#1881)
• 9b6d1f8 check gpg only when skip-validation = false (#1894)
• See full diff in compare view

Updates codecov/test-results-action from 1.1.1 to 1.2.1

Release notes

Sourced from codecov/test-results-action's releases.

v1.2.1

What's Changed

• fix: deprecate this action by @​thomasrockhu-codecov in codecov/test-results-action#129
• chore(release): 1.2.1 by @​thomasrockhu-codecov in codecov/test-results-action#130

Full Changelog: codecov/test-results-action@v1.1.1...v1.2.1

Commits

• 0fa95f0 chore(release): 1.2.1 (#130)
• 3fef12b fix: deprecate this action (#129)
• See full diff in compare view

Updates LizardByte/actions from 2025.1028.23217 to 2025.1227.191137

Release notes

Sourced from LizardByte/actions's releases.

v2025.1227.191137

What's Changed

• fix(release_homebrew): ignore indented version lines in formula blocks during version extraction by @​ReenigneArcher in #98
• feat(release_homebrew): edit existing PRs by @​ReenigneArcher in #99

Full Changelog: LizardByte/actions@v2025.1224.155016...v2025.1227.191137

---

Contributors

v2025.1224.155016

What's Changed

• fix(release_homebrew): fix empty outputs when validate is false by @​ReenigneArcher in #97
• chore(deps-dev): bump eslint-plugin-jest from 29.5.0 to 29.9.0 in the dev-dependencies group by @​dependabot[bot] in #96

Full Changelog: LizardByte/actions@v2025.1221.31807...v2025.1224.155016

---

Contributors

v2025.1221.31807

What's Changed

• fix(release_homebrew): force build from source by @​ReenigneArcher in #93
• feat(actions): add setup cuda action by @​ReenigneArcher in #94

Full Changelog: LizardByte/actions@v2025.1220.21713...v2025.1221.31807

---

Contributors

v2025.1220.21713

What's Changed

• chore(deps-dev): bump pytest from 8.4.2 to 9.0.0 in the pytest-dependencies group by @​dependabot[bot] in #75
• chore(deps): bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in #77
• chore(deps-dev): bump pytest from 9.0.0 to 9.0.1 in the pytest-dependencies group by @​dependabot[bot] in #76
• test: Refactor mockRejectedValue to use Error objects by @​ReenigneArcher in #78
• chore(deps-dev): bump pytest from 9.0.1 to 9.0.2 in the pytest-dependencies group by @​dependabot[bot] in #79
• ci: remove macos-13 by @​ReenigneArcher in #81
• chore: update global workflows by @​LizardByte-bot in #82
• chore(deps): bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in #83
• chore(deps): bump ncipollo/release-action from 1.16.0 to 1.20.0 in /actions/release_create by @​dependabot[bot] in #84
• chore(deps-dev): bump the dev-dependencies group with 4 updates by @​dependabot[bot] in #85
• chore(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by @​dependabot[bot] in #86
• chore(deps): bump jenseng/dynamic-uses from 1.0.2 to 1.1.0 by @​dependabot[bot] in #87

... (truncated)

Commits

• c2e9980 feat(release_homebrew): edit existing PRs (#99)
• e685bc7 fix(release_homebrew): ignore indented version lines in formula blocks during...
• 0f60cc7 chore(deps-dev): bump eslint-plugin-jest from 29.5.0 to 29.9.0 in the dev-dep...
• 20ea35f fix(release_homebrew): fix empty outputs when validate is false (#97)
• 4586d79 feat(actions): add setup cuda action (#94)
• 28cbc37 fix(release_homebrew): force build from source (#93)
• a20fbc6 chore: update global workflows (#92)
• 7a5a66c ci: migrate to codecov-action for test results (#91)
• 9f62c5e feat(release_homebrew): bring tests to parity with official homebrew workflow...
• 3a6943b chore(deps-dev): bump the dev-dependencies group with 3 updates (#89)
• Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.9 to 8.0.0

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.0.0

What's new in v8

• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

• chore: Update checkout action version to v6 by @​yonas in peter-evans/create-pull-request#4258
• Update actions/checkout references to @​v6 in docs by @​Copilot in peter-evans/create-pull-request#4259
• feat: v8 by @​peter-evans in peter-evans/create-pull-request#4260

New Contributors

• @​yonas made their first contribution in peter-evans/create-pull-request#4258
• @​Copilot made their first contribution in peter-evans/create-pull-request#4259

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0

Create Pull Request v7.0.11

What's Changed

• fix: restrict remote prune to self-hosted runners by @​peter-evans in peter-evans/create-pull-request#4250

Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11

Create Pull Request v7.0.10

⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

What's Changed

• build(deps): bump the github-actions group with 2 updates by @​dependabot[bot] in peter-evans/create-pull-request#4235
• build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by @​dependabot[bot] in peter-evans/create-pull-request#4240
• fix: provider list pulls fallback for multi fork same owner by @​peter-evans in peter-evans/create-pull-request#4245

New Contributors

• @​obnyis made their first contribution in peter-evans/create-pull-request#4064

Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10

Commits

• 98357b1 feat: v8 (#4260)
• 41c0e4b Update actions/checkout references to @​v6 in docs (#4259)
• 994332d chore: Update checkout action version to v6 (#4258)
• 22a9089 fix: restrict remote prune to self-hosted runners (#4250)
• d4f3be6 fix: provider list pulls fallback for multi fork same owner (#4245)
• bc8a47f build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group (#4240)
• a67ef28 build(deps): bump the github-actions group with 2 updates (#4235)
• See full diff in compare view

Updates actions/stale from 10.1.0 to 10.1.1

Release notes

Sourced from actions/stale's releases.

v10.1.1

What's Changed

Bug Fix

• Add Missing Input Reading for only-issue-types by @​Bibo-Joshi in actions/stale#1298

Improvement

• Improves error handling when rate limiting is disabled on GHES. by @​chiranjib-swain in actions/stale#1300

Dependency Upgrades

• Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @​dependabot in actions/stale#1276
• Upgrade @​types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @​dependabot in actions/stale#1280
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @​dependabot in actions/stale#1291
• Upgrade actions/checkout from 4 to 6 by @​dependabot in actions/stale#1306

New Contributors

• @​chiranjib-swain made their first contribution in actions/stale#1300

Full Changelog: actions/stale@v10...v10.1.1

Commits

• 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
• 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
• fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
• 39bea7d Add Missing Input Reading for only-issue-types (#1298)
• e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
• 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions