Bump the github-actions group across 1 directory with 7 updates by dependabot[bot] · Pull Request #869 · HDFGroup/hdf4

dependabot · 2026-04-01T13:10:26Z

Bumps the github-actions group with 7 updates in the / directory:

Package	From	To
actions/download-artifact	`7.0.0`	`8.0.1`
actions/upload-artifact	`6`	`7`
EndBug/add-and-commit	`9.1.4`	`10.0.0`
ssciwr/doxygen-install	`1`	`2`
azure/trusted-signing-action	`1.0.0`	`1.2.0`
aws-actions/configure-aws-credentials	`5`	`6`
softprops/action-gh-release	`2.5.0`	`2.6.1`

Updates actions/download-artifact from 7.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Support for CJK characters in the artifact name by @danwkennedy in actions/download-artifact#471

Add a regression test for artifact name + content-type mismatches by @danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Don't attempt to un-zip non-zipped downloads by @danwkennedy in actions/download-artifact#460

Add a setting to specify what to do on hash mismatch and default it to error by @danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

3e5f45b Add regression tests for CJK characters (#471)
e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
f258da9 Add change docs
ccc058e Fix linting issues
bd7976b Add a setting to specify what to do on hash mismatch and default it to error
ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
15999bf Add note about package bumps
974686e Bump the version to v8 and add release notes
fbe48b1 Update test names to make it clearer what they do
Additional commits viewable in compare view

Updates actions/upload-artifact from 6 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
See full diff in compare view

Updates EndBug/add-and-commit from 9.1.4 to 10.0.0

Release notes

Sourced from EndBug/add-and-commit's releases.

v10.0.0

What's Changed

chore(deps-dev): bump husky from 8.0.3 to 9.0.6 by @dependabot[bot] in EndBug/add-and-commit#617

chore(deps-dev): bump @typescript-eslint/parser from 6.19.0 to 6.19.1 by @dependabot[bot] in EndBug/add-and-commit#618

chore(deps-dev): bump prettier from 3.2.4 to 3.2.5 by @dependabot[bot] in EndBug/add-and-commit#619

chore(deps-dev): bump @typescript-eslint/eslint-plugin from 6.19.1 to 6.21.0 by @dependabot[bot] in EndBug/add-and-commit#623

chore(deps-dev): bump @typescript-eslint/parser from 6.19.1 to 6.21.0 by @dependabot[bot] in EndBug/add-and-commit#624

chore(deps-dev): bump husky from 9.0.6 to 9.0.11 by @dependabot[bot] in EndBug/add-and-commit#626

chore: switch to GTS for linting by @EndBug in EndBug/add-and-commit#636

chore(deps-dev): bump gts from 5.2.0 to 5.3.0 by @dependabot[bot] in EndBug/add-and-commit#637

chore(deps-dev): bump typescript from 5.2.2 to 5.4.5 by @dependabot[bot] in EndBug/add-and-commit#639

chore(deps-dev): bump gts from 5.3.0 to 5.3.1 by @dependabot[bot] in EndBug/add-and-commit#642

chore(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot[bot] in EndBug/add-and-commit#641

chore(deps-dev): bump typescript from 5.4.5 to 5.5.2 by @dependabot[bot] in EndBug/add-and-commit#644

Adds examples of input arrays. by @tommie in EndBug/add-and-commit#645

chore(deps-dev): bump typescript from 5.5.2 to 5.5.3 by @dependabot[bot] in EndBug/add-and-commit#649

docs: add tommie as a contributor for doc by @allcontributors[bot] in EndBug/add-and-commit#647

chore(deps-dev): bump husky from 9.0.11 to 9.1.1 by @dependabot[bot] in EndBug/add-and-commit#650

chore(deps-dev): bump typescript from 5.5.3 to 5.5.4 by @dependabot[bot] in EndBug/add-and-commit#653

chore(deps-dev): bump husky from 9.1.1 to 9.1.4 by @dependabot[bot] in EndBug/add-and-commit#655

chore(deps-dev): bump husky from 9.1.4 to 9.1.5 by @dependabot[bot] in EndBug/add-and-commit#659

chore(deps-dev): bump husky from 9.1.5 to 9.1.6 by @dependabot[bot] in EndBug/add-and-commit#660

chore(deps-dev): bump typescript from 5.5.4 to 5.6.2 by @dependabot[bot] in EndBug/add-and-commit#661

chore(deps-dev): bump @vercel/ncc from 0.38.1 to 0.38.2 by @dependabot[bot] in EndBug/add-and-commit#662

chore(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in EndBug/add-and-commit#663

chore(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot[bot] in EndBug/add-and-commit#664

chore(deps-dev): bump gts from 5.3.1 to 6.0.0 by @dependabot[bot] in EndBug/add-and-commit#665

chore(deps-dev): bump gts from 6.0.0 to 6.0.2 by @dependabot[bot] in EndBug/add-and-commit#666

chore(deps-dev): bump @vercel/ncc from 0.38.2 to 0.38.3 by @dependabot[bot] in EndBug/add-and-commit#669

chore(deps): bump cross-spawn by @dependabot[bot] in EndBug/add-and-commit#670

docs: add icemac as a contributor for doc by @allcontributors[bot] in EndBug/add-and-commit#674

chore(deps-dev): bump husky from 9.1.6 to 9.1.7 by @dependabot[bot] in EndBug/add-and-commit#672

chore(deps-dev): bump typescript from 5.6.3 to 5.7.2 by @dependabot[bot] in EndBug/add-and-commit#671

chore(deps-dev): bump typescript from 5.7.2 to 5.7.3 by @dependabot[bot] in EndBug/add-and-commit#676

chore(deps-dev): bump eslint-config-prettier from 9.1.0 to 10.0.1 by @dependabot[bot] in EndBug/add-and-commit#677

chore(deps-dev): bump eslint-config-prettier from 10.0.1 to 10.0.2 by @dependabot[bot] in EndBug/add-and-commit#678

chore(deps-dev): bump typescript from 5.7.3 to 5.8.2 by @dependabot[bot] in EndBug/add-and-commit#679

chore(deps-dev): bump eslint-config-prettier from 10.0.2 to 10.1.1 by @dependabot[bot] in EndBug/add-and-commit#680

chore(deps-dev): bump typescript from 5.8.2 to 5.8.3 by @dependabot[bot] in EndBug/add-and-commit#681

chore(deps-dev): bump eslint-config-prettier from 10.1.1 to 10.1.2 by @dependabot[bot] in EndBug/add-and-commit#682

chore(deps-dev): bump eslint-config-prettier from 10.1.2 to 10.1.5 by @dependabot[bot] in EndBug/add-and-commit#683

chore(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8 by @dependabot[bot] in EndBug/add-and-commit#686

ci(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in EndBug/add-and-commit#688

ci(deps): bump actions/setup-node from 4 to 5 by @dependabot[bot] in EndBug/add-and-commit#690

chore(deps-dev): bump @vercel/ncc from 0.38.3 to 0.38.4 by @dependabot[bot] in EndBug/add-and-commit#691

chore(deps-dev): bump typescript from 5.8.3 to 5.9.3 by @dependabot[bot] in EndBug/add-and-commit#694

ci(deps): bump actions/setup-node from 5 to 6 by @dependabot[bot] in EndBug/add-and-commit#697

ci(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in EndBug/add-and-commit#696

Removes the redundant JSON array parsing. by @tommie in EndBug/add-and-commit#652

docs: add tommie as a contributor for code, and test by @allcontributors[bot] in EndBug/add-and-commit#699

... (truncated)

Commits

290ea2c 10.0.0
5190a0a docs: prepare for v10
9ac3878 chore: npm audit fix
7b015bd docs: add CodeReaper as a contributor for maintenance (#723)
300836d chore(deps-dev): bump flatted from 3.3.3 to 3.4.2 (#722)
f6e20ed feat!: use node version 24 (#720)
6280653 chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (#721)
1539a6a chore(deps): bump @actions/core from 2.0.2 to 3.0.0 (#716)
af611dd chore(deps): bump minimatch (#718)
2df77c1 chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#712)
Additional commits viewable in compare view

Updates ssciwr/doxygen-install from 1 to 2

Release notes

Sourced from ssciwr/doxygen-install's releases.

v2.0.0

Now offers both ARM and Intel builds for MacOS. As a consequence, only those official releases that provide these binaries will work. If you do not pin an older version of Doxygen or do not use it on MacOS, you are unaffected. Also bumps the default version of Doxygen to v1.16.1.

v1.6.4

No release notes provided.

v1.6.3

Full Changelog: ssciwr/doxygen-install@v1.6.2...v1.6.3

v1.6.2

Full Changelog: ssciwr/doxygen-install@v1.6.1...v1.6.2

v1.6.1

Full Changelog: ssciwr/doxygen-install@v1.6.0...v1.6.1

v1.6.0

Full Changelog: ssciwr/doxygen-install@v1.5.0...v1.6.0

v1.5.0

Full Changelog: ssciwr/doxygen-install@v1...v1.5.0

v1.4.0

What's Changed

Clean up after installation by @TendTo in ssciwr/doxygen-install#3

New Contributors

@TendTo made their first contribution in ssciwr/doxygen-install#3

Full Changelog: ssciwr/doxygen-install@v1.3.0...v1.4.0

v1.3.0

What's Changed

Bump to v1.10.0 by @dokempf in ssciwr/doxygen-install#1

v1.2.0

Full Changelog: ssciwr/doxygen-install@v1.1.0...v1.2.0

v1.1.0

Bumps the default version to Doxygen v1.9.7

Commits

329d88f Rewrite tag script for v2
bcf5ce7 Merge pull request #10 from TendTo/patch-1
812139d fix: silent fallback to default MacOS version
See full diff in compare view

Updates azure/trusted-signing-action from 1.0.0 to 1.2.0

Release notes

Sourced from azure/trusted-signing-action's releases.

v1.2.0

What's Changed

docs: update examples to remove azps session by @Jaxelr in Azure/artifact-signing-action#123

refactor: disable az credential types by default except cli and env vars by @Jaxelr in Azure/artifact-signing-action#122

Update internal actions/cache to v5.0.4 by @DamianEdwards in Azure/artifact-signing-action#126

New Contributors

@DamianEdwards made their first contribution in Azure/artifact-signing-action#126

Full Changelog: Azure/artifact-signing-action@v1.1.0...v1.2.0

v1.1.0

What's Changed

docs: update README example to use artifact-signing-action@v1 by @Jaxelr in Azure/artifact-signing-action#111

docs: update usage examples by @Jaxelr in Azure/artifact-signing-action#113

chore: update code owners to artifact signing team by @Jaxelr in Azure/artifact-signing-action#118

docs: update lack of support for win arm by @Jaxelr in Azure/artifact-signing-action#117

chore: upgrade cache-action to version 4.3.0 by @Jaxelr in Azure/artifact-signing-action#116

feat: check runner prior to execution by @Jaxelr in Azure/artifact-signing-action#120

Full Changelog: Azure/artifact-signing-action@v1...v1.1.0

Commits

b443cf8 Update internal actions/cache to v5.0.4 (#126)
6c581eb refactor: disable az credential types by default except cli and env vars (#122)
dd27d98 docs: update examples to remove azps session (#123)
87c2e83 feat: check runner prior to execution (#120)
d15bd92 chore: upgrade cache-action to version 4.3.0 (#116)
2eddbb3 docs: update lack of support for win arm (#117)
f3a110b chore: update code owners to artifact signing team (#118)
6d98e55 docs: update usage examples (#113)
bf773a7 docs: update README example to use artifact-signing-action@v1 (#111)
See full diff in compare view

Updates aws-actions/configure-aws-credentials from 5 to 6

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.0.0

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Update action to use node24 Note this requires GitHub action runner version v2.327.1 or later (#1632) (a7a2c11)

Features

add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

v5.1.1

5.1.1 (2025-11-24)

Miscellaneous Chores

release 5.1.1 (56d6a58)

various dependency updates

v5.1.0

5.1.0 (2025-10-06)

Features

Add global timeout support (#1487) (1584b8b)

add no-proxy support (#1482) (dde9b22)

Improve debug logging in retry logic (#1485) (97ef425)

Bug Fixes

properly expose getProxyForUrl (introduced in #1482) (#1486) (cea4298)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

5.1.0 (2025-10-06)

Features

Add global timeout support (#1487) (1584b8b)

add no-proxy support (#1482) (dde9b22)

Improve debug logging in retry logic (#1485) (97ef425)

Bug Fixes

properly expose getProxyForUrl (introduced in #1482) (#1486) (cea4298)

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)

support account id allowlist (#1456) (c4be498)

4.3.1 (2025-08-04)

Bug Fixes

update readme to 4.3.1 (#1424) (be2e7ad)

4.3.0 (2025-08-04)

Features

depenency update and feature cleanup (#1414) (59489ba), closes #1062 #1191

Optional environment variable output (c3b3ce6)

Bug Fixes

docs: readme samples versioning (5b3c895)

the wrong example region for China partition in README (37fe9a7)

properly set proxy environment variable (cbea708)

... (truncated)

Commits

8df5847 chore(deps): bump fast-xml-parser and @aws-sdk/xml-builder (#1640)
d22a0f8 chore(deps-dev): bump @types/node from 25.0.10 to 25.2.0 (#1635)
f7b8181 chore(main): release 6.0.0 (#1641)
c367a6a chore: integ tests manual option (#1639)
7ceaf96 fix: correct outputs for role chaining (#1633)
a7a2c11 feat!: update action to use node24 (#1632)
6e3375d chore: remove release-please release automation (#1631)
98abed7 chore: add workflow_dispatch trigger to release workflow (#1630)
bf3adbb chore: Update dist
db43b8b chore: re-run linter
Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.5.0 to 2.6.1

Release notes

Sourced from softprops/action-gh-release's releases.

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

fix: preserve discussion category on publish by @chenrui333 in softprops/action-gh-release#765

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

feat: support previous_tag for generate_release_notes by @pocesar in softprops/action-gh-release#372

Bug fixes 🐛

fix: recover concurrent asset metadata 404s by @chenrui333 in softprops/action-gh-release#760

Other Changes 🔄

docs: clarify reused draft release behavior by @chenrui333 in softprops/action-gh-release#759

docs: clarify working_directory input by @chenrui333 in softprops/action-gh-release#761

ci: verify dist bundle freshness by @chenrui333 in softprops/action-gh-release#762

fix: clarify immutable prerelease uploads by @chenrui333 in softprops/action-gh-release#763

v2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

fix: preserve discussion category on publish by @chenrui333 in softprops/action-gh-release#765

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

feat: support previous_tag for generate_release_notes by @pocesar in softprops/action-gh-release#372

Bug fixes 🐛

fix: recover concurrent asset metadata 404s by @chenrui333 in softprops/action-gh-release#760

Other Changes 🔄

docs: clarify reused draft release behavior by @chenrui333 in softprops/action-gh-release#759

docs: clarify working_directory input by @chenrui333 in softprops/action-gh-release#761

ci: verify dist bundle freshness by @chenrui333 in softprops/action-gh-release#762

fix: clarify immutable prerelease uploads by @chenrui333 in softprops/action-gh-release#763

2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

... (truncated)

Commits

153bb8e release 2.6.1
569deb8 fix: preserve discussion category when publishing releases (#765)
26e8ad2 release 2.6.0
b959f31 fix: clarify immutable prerelease uploads (#763)
8a8510e ci: verify dist bundle freshness (#762)
438c15d docs: clarify working_directory input (#761)
6ca3b5d fix: recover concurrent asset metadata 404s (#760)
11f9176 chore: add RELEASE.md
1f3f350 feat: add AGENTS.md
37819cb docs: clarify reused draft release behavior (#759)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` | | [EndBug/add-and-commit](https://github.com/endbug/add-and-commit) | `9.1.4` | `10.0.0` | | [ssciwr/doxygen-install](https://github.com/ssciwr/doxygen-install) | `1` | `2` | | [azure/trusted-signing-action](https://github.com/azure/trusted-signing-action) | `1.0.0` | `1.2.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `5` | `6` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `2.6.1` | Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...3e5f45b) Updates `actions/upload-artifact` from 6 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v6...v7) Updates `EndBug/add-and-commit` from 9.1.4 to 10.0.0 - [Release notes](https://github.com/endbug/add-and-commit/releases) - [Commits](EndBug/add-and-commit@a94899b...290ea2c) Updates `ssciwr/doxygen-install` from 1 to 2 - [Release notes](https://github.com/ssciwr/doxygen-install/releases) - [Commits](ssciwr/doxygen-install@v1...v2) Updates `azure/trusted-signing-action` from 1.0.0 to 1.2.0 - [Release notes](https://github.com/azure/trusted-signing-action/releases) - [Commits](Azure/artifact-signing-action@v1.0.0...v1.2.0) Updates `aws-actions/configure-aws-credentials` from 5 to 6 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@v5...v6) Updates `softprops/action-gh-release` from 2.5.0 to 2.6.1 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2.5.0...v2.6.1) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: EndBug/add-and-commit dependency-version: 10.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ssciwr/doxygen-install dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: azure/trusted-signing-action dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 1, 2026

dependabot Bot requested review from bmribler, brtnfld, byrnHDF, derobins, fortnern, glennsong09, jhendersonHDF, lrknox, mattjala, schwehr and vchoi-hdfgroup as code owners April 1, 2026 13:10

lrknox approved these changes Apr 1, 2026

View reviewed changes

lrknox merged commit 2e2d26a into master Apr 1, 2026
57 checks passed

dependabot Bot deleted the dependabot/github_actions/github-actions-d7ef2cb3e6 branch April 1, 2026 21:25

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the github-actions group across 1 directory with 7 updates#869

Bump the github-actions group across 1 directory with 7 updates#869
lrknox merged 1 commit intomasterfrom
dependabot/github_actions/github-actions-d7ef2cb3e6

dependabot Bot commented on behalf of github Apr 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Apr 1, 2026

v8.0.1

What's Changed

v8.0.0

v8 - What's new

Direct downloads

Enforced checks (breaking)

ESM

What's Changed

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

v10.0.0

What's Changed

v2.0.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.0

What's Changed

New Contributors

v1.3.0

What's Changed

v1.2.0

v1.1.0

v1.2.0

What's Changed

New Contributors

v1.1.0

What's Changed

v6.0.0

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

v5.1.1

5.1.1 (2025-11-24)

Miscellaneous Chores

v5.1.0

5.1.0 (2025-10-06)

Features

Bug Fixes

5.1.0 (2025-10-06)

Features

Bug Fixes

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

4.3.1 (2025-08-04)

Bug Fixes

4.3.0 (2025-08-04)

Features

Bug Fixes

v2.6.1

What's Changed

Bug fixes 🐛

v2.6.0

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

v2.5.3

What's Changed

2.6.1

What's Changed

Bug fixes 🐛

2.6.0

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

2.5.3