chore: bump the all-dependencies group across 1 directory with 16 updates by dependabot[bot] · Pull Request #3445 · BoundaryML/baml

dependabot · 2026-05-01T05:23:25Z

Bumps the all-dependencies group with 16 updates in the / directory:

Package	From	To
actions/checkout	`4`	`6`
astral-sh/setup-uv	`5`	`7`
actions/setup-python	`5`	`6`
aws-actions/configure-aws-credentials	`4`	`6`
jdx/mise-action	`2`	`4`
actions/upload-artifact	`4`	`7`
gradle/actions	`4`	`6`
actions/download-artifact	`4`	`8`
actions/cache	`4`	`5`
pnpm/action-setup	`4`	`6`
actions/setup-node	`4`	`6`
infisical/secrets-action	`1.0.9`	`1.0.16`
peter-evans/create-pull-request	`6`	`8`
softprops/action-gh-release	`2`	`3`
codecov/codecov-action	`5.4.3`	`6.0.0`
actions/setup-go	`5`	`6`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates astral-sh/setup-uv from 5 to 7

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.2.1 🌈 update known checksums up to 0.9.28

Changes

🧰 Maintenance

chore: update known checksums for 0.9.28 @github-actions[bot] (#744)

chore: update known checksums for 0.9.27 @github-actions[bot] (#742)

chore: update known checksums for 0.9.26 @github-actions[bot] (#734)

chore: update known checksums for 0.9.25 @github-actions[bot] (#733)

chore: update known checksums for 0.9.24 @github-actions[bot] (#730)

📚 Documentation

Clarify impact of using actions/setup-python @eifinger (#732)

⬆️ Dependency updates

Bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 @dependabot[bot] (#741)

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

The action now respects when the environment variable UV_CACHE_DIR is already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.

Some users encountered problems that cache pruning took forever because they had some uv processes running in the background. Starting with uv version 0.8.24 this action uses uv cache prune --ci --force to ignore the running processes

If you just want to install uv but not have it available in path, this action now respects UV_NO_MODIFY_PATH

Some other actions also set the env var UV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.

Improvements

If you are using minimum version specifiers for the version of uv to install for example
[tool.uv]
required-version = ">=0.8.17"
This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.

If you are using other specifiers like 0.8.x this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.

🚨 Breaking changes

... (truncated)

Commits

37802ad Fetch uv from Astral's mirror by default (#809)
9f00d18 chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#808)
fd8f376 Switch to ESM for source and test, use CommonJS for dist (#806)
f9070de Bump deps (#805)
cadb67b chore: update known checksums for 0.10.10 (#804)
e06108d Use astral-sh/versions as primary version provider (#802)
0f6ec07 docs: replace copilot instructions with AGENTS.md (#794)
821e5c9 docs: add cross-client dependabot rollup skill (#793)
6ee6290 chore(deps): bump versions (#792)
9f332a1 Add riscv64 architecture support to platform detection (#791)
Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 4 to 6

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.0.0

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Update action to use node24 Note this requires GitHub action runner version v2.327.1 or later (#1632) (a7a2c11)

Features

add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

v5.1.1

5.1.1 (2025-11-24)

Miscellaneous Chores

release 5.1.1 (56d6a58)

various dependency updates

v5.1.0

5.1.0 (2025-10-06)

Features

Add global timeout support (#1487) (1584b8b)

add no-proxy support (#1482) (dde9b22)

Improve debug logging in retry logic (#1485) (97ef425)

Bug Fixes

properly expose getProxyForUrl (introduced in #1482) (#1486) (cea4298)

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

... (truncated)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

6.1.0 (2026-04-06)

Features

add skip cleanup option (#1716) (11b1c58), closes #1545

Support usage of AWS Profiles (#1696) (a7f0c82)

Commits

d979d5b chore: release 6.1.1 (#1757)
d4a9acd chore: Update dist
fc44f4a chore(deps): bump @aws-sdk/client-sts from 3.1033.0 to 3.1038.0 (#1749)
0b8336f chore: Update dist
8c5bf33 chore(deps-dev): bump @aws-sdk/credential-provider-env (#1751)
53df0c1 chore: Update dist
c2c5582 chore(deps): bump @smithy/node-http-handler from 4.6.0 to 4.6.1 (#1750)
bd0031d chore(deps): bump postcss from 8.5.6 to 8.5.12 (#1752)
6ab499a chore(deps-dev): bump @biomejs/biome from 2.4.12 to 2.4.13 (#1747)
bc94895 chore(deps-dev): bump @biomejs/biome from 2.4.11 to 2.4.12 (#1739)
Additional commits viewable in compare view

Updates jdx/mise-action from 2 to 4

Release notes

Sourced from jdx/mise-action's releases.

v4.0.0: Node.js 24 Runtime

A major version bump that updates the action's runtime from Node.js 20 to Node.js 24. GitHub has deprecated Node.js 20 for Actions and will force Node.js 24 as the default starting June 2, 2026. This release proactively adopts the new runtime to eliminate deprecation warnings and ensure continued compatibility.

Breaking Changes
The action now runs on the Node.js 24 runtime instead of Node.js 20. If your workflow pins jdx/mise-action@v3, you will continue to see deprecation warnings. Update to jdx/mise-action@v4 to resolve them:
- uses: jdx/mise-action@v4
This should be a seamless upgrade for the vast majority of users — no configuration changes are needed beyond updating the version reference.
Changed

Updated GitHub Actions runtime from Node.js 20 to Node.js 24 by @tumerorkun in #395 (fixes #394)

New Contributors

@tumerorkun made their first contribution in #395

Full Changelog: jdx/mise-action@v3...v4.0.0

v3.6.3

What's Changed

fix: pass cwd to all exec calls in exportMiseEnv() by @andrewthauer in jdx/mise-action#390

chore: release v3.6.3 by @mise-en-dev in jdx/mise-action#391

New Contributors

@andrewthauer made their first contribution in jdx/mise-action#390

Full Changelog: jdx/mise-action@v3.6.2...v3.6.3

v3.6.2

What's Changed

chore(deps): update dependency prettier to v3.8.1 by @renovate[bot] in jdx/mise-action#368

chore(deps): update dependency @types/node to v24.10.9 by @renovate[bot] in jdx/mise-action#367

chore(deps): update github/codeql-action digest to 439137e by @renovate[bot] in jdx/mise-action#370

chore(deps): lock file maintenance by @renovate[bot] in jdx/mise-action#372

chore(deps): update autofix-ci/action digest to 7a166d7 by @renovate[bot] in jdx/mise-action#375

chore(deps): update actions/checkout digest to de0fac2 by @renovate[bot] in jdx/mise-action#374

chore(deps): lock file maintenance by @renovate[bot] in jdx/mise-action#377

chore(deps): update github/codeql-action digest to b5ebac6 by @renovate[bot] in jdx/mise-action#378

chore(deps): update dependency @types/node to v24.10.13 by @renovate[bot] in jdx/mise-action#379

chore(deps): update github/codeql-action digest to f5c2471 by @renovate[bot] in jdx/mise-action#380

fix: move file_hash to end of cache key template to prevent prefix matching by @altendky in jdx/mise-action#384

chore(deps): update dependency @types/handlebars to v4.1.0 by @renovate[bot] in jdx/mise-action#381

chore(deps): lock file maintenance by @renovate[bot] in jdx/mise-action#386

chore(deps): update github/codeql-action digest to 4558047 by @renovate[bot] in jdx/mise-action#387

chore(deps): lock file maintenance by @renovate[bot] in jdx/mise-action#389

chore: release v3.6.2 by @mise-en-dev in jdx/mise-action#385

New Contributors

... (truncated)

Changelog

Sourced from jdx/mise-action's changelog.

4.0.1 - 2026-03-22

🐛 Bug Fixes

run npm install in pre-commit hook before build (#410) by @jdx in #410

🚜 Refactor

extract getCwd() helper to deduplicate working directory resolution (#403) by @altendky in #403

📚 Documentation

bump versions listed im README.md (#407) by @deining in #407

bump more versions listed in README.md (#408) by @deining in #408

⚙️ Miscellaneous Tasks

add workflow to auto-close stale PRs (#409) by @jdx in #409

New Contributors

@deining made their first contribution in #408

4.0.0 - 2026-03-13

🚀 Features

breaking Update Node.js version from 20 to 24 (#395) by @tumerorkun in #395

New Contributors

@tumerorkun made their first contribution in #395

3.6.3 - 2026-03-06

🐛 Bug Fixes

pass cwd to all exec calls in exportMiseEnv() (#390) by @andrewthauer in #390

New Contributors

@andrewthauer made their first contribution in #390

3.6.2 - 2026-03-02

🐛 Bug Fixes

... (truncated)

Commits

1648a78 chore: release v4.0.1 (#406)
e2d499c ci: add workflow to auto-close stale PRs (#409)
0cc0f19 fix: run npm install in pre-commit hook before build (#410)
89c67a3 docs: bump more versions listed in README.md (#408)
0409dde docs: bump versions listed im README.md (#407)
abadabd refactor: extract getCwd() helper to deduplicate working directory resolution...
c5b2043 chore(deps): update github/codeql-action digest to 603b797 (#404)
71c0f0a chore(deps): lock file maintenance (#400)
c1ecc8f chore: release v4.0.0 (#398)
1cbe8c5 chore(deps): update github/codeql-action digest to 820e316 (#397)
Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in actions/upload-artifact#719

fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in actions/upload-artifact#744

prepare release v6.0.0 for Node.js 24 support by @salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

... (truncated)

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
Additional commits viewable in compare view

Updates gradle/actions from 4 to 6

Release notes

Sourced from gradle/actions's releases.

v6.0.0

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.

Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.

Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

Bump the npm-dependencies group in /sources with 2 updates by @dependabot[bot] in gradle/actions#866

Update known wrapper checksums by @github-actions[bot] in gradle/actions#868

Dependency updates by @bigdaz in gradle/actions#876

Update known wrapper checksums by @github-actions[bot] in gradle/actions#878

Bump @types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @dependabot[bot] in gradle/actions#877

Bump the github-actions group across 3 directories with 3 updates by @dependabot[bot] in gradle/actions#867

Update known wrapper checksums by @github-actions[bot] in gradle/actions#881

Bump the npm-dependencies group in /sources with 6 updates by @dependabot[bot] in gradle/actions#879

Bump the github-actions group across 3 directories with 5 updates by @dependabot[bot] in gradle/actions#880

Remove configuration-cache support by @bigdaz in gradle/actions#884

Extract caching logic into a separate gradle-actions-caching component by @bigdaz in gradle/actions#885

Update gradle-actions-caching library to v0.3.0 by @bot-githubaction in gradle/actions#899

Avoid windows shutdown bug by @bigdaz in gradle/actions#900

Dependency updates by @bigdaz in gradle/actions#905

Fix critical and high npm vulnerabilities by @bigdaz in gradle/actions#904

Fix rendering of job-disabled message by @bigdaz in gradle/actions#909

Full Changelog: gradle/actions@v5.0.2...v6.0.0

v5.0.2

Summary

Th...
Description has been truncated

vercel · 2026-05-01T05:23:31Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
baml-website-redesign	Error		May 15, 2026 6:55pm
beps	Ready	Preview, Comment	May 15, 2026 6:55pm
promptfiddle	Ready	Preview, Comment	May 15, 2026 6:55pm
promptfiddle2	Ready	Preview, Comment	May 15, 2026 6:55pm

github-actions · 2026-05-01T05:24:57Z

🏗️ Building BEPs preview... (run 25934901204)

github-actions · 2026-05-01T05:37:39Z

Binary size checks failed

❌ 1 violations · ✅ 6 passed

⚠️ Please fix the size gate issues or acknowledge them by updating baselines.

	Artifact	Platform	Gzip	Baseline	Delta	Status
❌	`bridge_cffi`	Linux	6.6 MB	6.4 MB	+155.0 KB (+2.4%)	FAIL
✅	`bridge_cffi-stripped`	Linux	5.6 MB	5.7 MB	-48.8 KB (-0.9%)	OK
✅	`bridge_cffi`	macOS	5.4 MB	5.1 MB	+329.2 KB (+6.5%)	OK
✅	`bridge_cffi-stripped`	macOS	4.6 MB	4.7 MB	-48.9 KB (-1.0%)	OK
✅	`bridge_cffi`	Windows	5.4 MB	5.1 MB	+287.1 KB (+5.6%)	OK
✅	`bridge_cffi-stripped`	Windows	4.7 MB	4.7 MB	+24.3 KB (+0.5%)	OK
✅	`bridge_wasm`	WASM	3.6 MB	3.5 MB	+45.3 KB (+1.3%)	OK

Details & how to fix

Violations:

bridge_cffi (Linux) gzip_bytes: 6.6 MB exceeds limit of 6.5 MB (exceeded by +90.8 KB, policy: max_gzip_bytes)

Add/update baselines:

.ci/size-gate/x86_64-unknown-linux-gnu.toml:

[artifacts.bridge_cffi]
file_bytes = 17662944
stripped_bytes = 17662936
gzip_bytes = 6590776

Generated by cargo size-gate · workflow run

codspeed-hq · 2026-05-01T05:49:34Z

Merging this PR will degrade performance by 18.18%

⚠️

Unknown Walltime execution environment detected

Using the Walltime instrument on standard Hosted Runners will lead to inconsistent data.

For the most accurate results, we recommend using CodSpeed Macro Runners: bare-metal machines fine-tuned for performance measurement consistency.

❌ 4 regressed benchmarks
✅ 15 untouched benchmarks

⚠️ Please fix the performance issues or acknowledge them on CodSpeed.

Performance Changes

	Mode	Benchmark	`BASE`	`HEAD`	Efficiency
❌	WallTime	`engine_init_cost`	4.5 ms	5.6 ms	-18.18%
❌	WallTime	`vm_field_access_50k`	9.1 ms	10.3 ms	-11.8%
❌	WallTime	`vm_fib_20`	7.1 ms	8.2 ms	-13.35%
❌	WallTime	`vm_nested_loop`	7.5 ms	8.3 ms	-10.45%

_{Comparing dependabot/github_actions/canary/all-dependencies-3f2e198334 (704a1dd) with canary (6f3b4ee)}

…ates Bumps the all-dependencies group with 16 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `5` | `7` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4` | `6` | | [jdx/mise-action](https://github.com/jdx/mise-action) | `2` | `4` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [gradle/actions](https://github.com/gradle/actions) | `4` | `6` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` | | [actions/cache](https://github.com/actions/cache) | `4` | `5` | | [pnpm/action-setup](https://github.com/pnpm/action-setup) | `4` | `6` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [infisical/secrets-action](https://github.com/infisical/secrets-action) | `1.0.9` | `1.0.16` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `6` | `8` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.3` | `6.0.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `astral-sh/setup-uv` from 5 to 7 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@v5...v7) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `aws-actions/configure-aws-credentials` from 4 to 6 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@v4...v6) Updates `jdx/mise-action` from 2 to 4 - [Release notes](https://github.com/jdx/mise-action/releases) - [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md) - [Commits](jdx/mise-action@v2...v4) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v7) Updates `gradle/actions` from 4 to 6 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@v4...v6) Updates `actions/download-artifact` from 4 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v8) Updates `actions/cache` from 4 to 5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4...v5) Updates `pnpm/action-setup` from 4 to 6 - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v4...v6) Updates `actions/setup-node` from 4 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v6) Updates `infisical/secrets-action` from 1.0.9 to 1.0.16 - [Release notes](https://github.com/infisical/secrets-action/releases) - [Commits](Infisical/secrets-action@v1.0.9...v1.0.16) Updates `peter-evans/create-pull-request` from 6 to 8 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v6...v8) Updates `softprops/action-gh-release` from 2 to 3 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2...v3) Updates `codecov/codecov-action` from 5.4.3 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@18283e0...57e3a13) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: astral-sh/setup-uv dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: aws-actions/configure-aws-credentials dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: gradle/actions dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: infisical/secrets-action dependency-version: 1.0.16 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-dependencies - dependency-name: jdx/mise-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: peter-evans/create-pull-request dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: pnpm/action-setup dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 1, 2026

vercel Bot had a problem deploying to Preview – baml-website-redesign May 1, 2026 05:23 Failure

dependabot Bot had a problem deploying to boundary-tools-dev May 1, 2026 05:24 Failure

vercel Bot deployed to Preview – beps May 1, 2026 05:24 View deployment

vercel Bot deployed to Preview – promptfiddle May 1, 2026 05:47 View deployment

dependabot Bot force-pushed the dependabot/github_actions/canary/all-dependencies-3f2e198334 branch from 669f9ab to 20acf95 Compare May 1, 2026 16:19

vercel Bot had a problem deploying to Preview – baml-website-redesign May 1, 2026 16:19 Failure

dependabot Bot had a problem deploying to boundary-tools-dev May 1, 2026 16:20 Failure

vercel Bot deployed to Preview – beps May 1, 2026 16:20 View deployment

vercel Bot deployed to Preview – promptfiddle May 1, 2026 16:39 View deployment

dependabot Bot force-pushed the dependabot/github_actions/canary/all-dependencies-3f2e198334 branch from 20acf95 to c8ed4ad Compare May 6, 2026 00:57

dependabot Bot had a problem deploying to boundary-tools-dev May 6, 2026 00:58 Failure

vercel Bot deployed to Preview – beps May 6, 2026 00:58 View deployment

vercel Bot deployed to Preview – promptfiddle May 6, 2026 01:16 View deployment

dependabot Bot force-pushed the dependabot/github_actions/canary/all-dependencies-3f2e198334 branch from c8ed4ad to 36c6f1e Compare May 7, 2026 23:37

dependabot Bot had a problem deploying to boundary-tools-dev May 7, 2026 23:37 Failure

dependabot Bot had a problem deploying to boundary-tools-dev May 8, 2026 03:57 Failure

vercel Bot deployed to Preview – beps May 8, 2026 03:57 View deployment

vercel Bot deployed to Preview – promptfiddle May 8, 2026 04:14 View deployment

dependabot Bot force-pushed the dependabot/github_actions/canary/all-dependencies-3f2e198334 branch from cde3102 to 704a1dd Compare May 8, 2026 09:36

dependabot Bot had a problem deploying to boundary-tools-dev May 8, 2026 09:36 Failure

vercel Bot deployed to Preview – beps May 8, 2026 09:37 View deployment

vercel Bot deployed to Preview – promptfiddle May 8, 2026 09:54 View deployment

dependabot Bot force-pushed the dependabot/github_actions/canary/all-dependencies-3f2e198334 branch from 704a1dd to f4ec862 Compare May 9, 2026 16:53

dependabot Bot had a problem deploying to boundary-tools-dev May 9, 2026 16:53 Failure

vercel Bot deployed to Preview – beps May 9, 2026 16:54 View deployment

vercel Bot deployed to Preview – promptfiddle May 9, 2026 17:11 View deployment

dependabot Bot force-pushed the dependabot/github_actions/canary/all-dependencies-3f2e198334 branch from f4ec862 to 3324537 Compare May 9, 2026 17:47

dependabot Bot had a problem deploying to boundary-tools-dev May 9, 2026 17:48 Failure

vercel Bot deployed to Preview – beps May 9, 2026 17:48 View deployment

vercel Bot deployed to Preview – promptfiddle May 9, 2026 18:06 View deployment

dependabot Bot force-pushed the dependabot/github_actions/canary/all-dependencies-3f2e198334 branch from 3324537 to c89c0cb Compare May 15, 2026 18:36

dependabot Bot had a problem deploying to boundary-tools-dev May 15, 2026 18:37 Failure

vercel Bot deployed to Preview – beps May 15, 2026 18:37 View deployment

vercel Bot deployed to Preview – promptfiddle2 May 15, 2026 18:55 View deployment

vercel Bot deployed to Preview – promptfiddle May 15, 2026 18:55 View deployment

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump the all-dependencies group across 1 directory with 16 updates#3445

chore: bump the all-dependencies group across 1 directory with 16 updates#3445
dependabot[bot] wants to merge 1 commit into
canaryfrom
dependabot/github_actions/canary/all-dependencies-3f2e198334

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading

Uh oh!

vercel Bot commented May 1, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 1, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 1, 2026 •

edited

Loading

Uh oh!

codspeed-hq Bot commented May 1, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v7.2.1 🌈 update known checksums up to 0.9.28

Changes

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

Fixes

Improvements

🚨 Breaking changes

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

v6.0.0

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

v5.1.1

5.1.1 (2025-11-24)

Miscellaneous Chores

v5.1.0

5.1.0 (2025-10-06)

Features

Bug Fixes

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

6.1.0 (2026-04-06)

Features

v4.0.0: Node.js 24 Runtime

Breaking Changes

Changed

New Contributors

v3.6.3

What's Changed

New Contributors

v3.6.2

What's Changed

New Contributors

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading

vercel Bot commented May 1, 2026 •

edited

Loading

github-actions Bot commented May 1, 2026 •

edited

Loading

github-actions Bot commented May 1, 2026 •

edited

Loading

codspeed-hq Bot commented May 1, 2026 •

edited

Loading