ci: bump the github-actions group with 9 updates #664

dependabot · 2025-08-26T01:21:08Z

Bumps the github-actions group with 9 updates:

Package	From	To
actions/checkout	`4`	`5`
crate-ci/typos	`1.19.0`	`1.35.5`
codecov/codecov-action	`4`	`5`
chromaui/action	`10`	`13`
contributor-assistant/github-action	`2.3.2`	`2.6.1`
tj-actions/branch-names	`8`	`9`
toshimaru/auto-author-assign	`2.1.0`	`2.1.1`
aquasecurity/trivy-action	`0.18.0`	`0.32.0`
beatlabs/delete-old-branches-action	`0.0.10`	`0.0.11`

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237

New Contributors

@motss made their first contribution in actions/checkout#1971

@mouismail made their first contribution in actions/checkout#1977

@benwells made their first contribution in actions/checkout#2043

@nebuk89 made their first contribution in actions/checkout#2194

@salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

V4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
See full diff in compare view

Updates crate-ci/typos from 1.19.0 to 1.35.5

Release notes

Sourced from crate-ci/typos's releases.

v1.35.5

[1.35.5] - 2025-08-18

Fixes

Fix typo in correction to accidently

Fix typo in correction to dynamincally

Fix typo in correction to interruptability

Fix typo in correction to interruptability

Fix typo in correction to messager

Fix typo in correction to preferables

Fix typo in correction to producibles

Fix typo in correction to restauranteur

Fix typo in correction to restauranteurs

Fix typo in correction to searialize

Fix typo in correction to somethin

Fix typo in correction to unaccessible

Fix typo in correction to unnesessarily

v1.35.4

[1.35.4] - 2025-08-12

Fixes

Fix typo in correction to exctracting

v1.35.3

[1.35.3] - 2025-08-08

Fixes

Don't correct ratatui in Rust files

v1.35.2

[1.35.2] - 2025-08-07

Fixes

Don't correct unmarshaling

v1.35.1

[1.35.1] - 2025-08-04

Fixes

Fix typo in correction to apostroph

Fix typo in correction to cordinate

Fix typo in correction to reproduceability

Fix typo in correction to revolutionss

Fix typo in correction to transivity

... (truncated)

Changelog

Sourced from crate-ci/typos's changelog.

[1.35.5] - 2025-08-18

Fixes

Fix typo in correction to accidently

Fix typo in correction to dynamincally

Fix typo in correction to interruptability

Fix typo in correction to interruptability

Fix typo in correction to messager

Fix typo in correction to preferables

Fix typo in correction to producibles

Fix typo in correction to restauranteur

Fix typo in correction to restauranteurs

Fix typo in correction to searialize

Fix typo in correction to somethin

Fix typo in correction to unaccessible

Fix typo in correction to unnesessarily

[1.35.4] - 2025-08-12

Fixes

Fix typo in correction to exctracting

[1.35.3] - 2025-08-08

Fixes

Don't correct ratatui in Rust files

[1.35.2] - 2025-08-07

Fixes

Don't correct unmarshaling

[1.35.1] - 2025-08-04

Fixes

Fix typo in correction to apostroph

Fix typo in correction to cordinate

Fix typo in correction to reproduceability

Fix typo in correction to revolutionss

Fix typo in correction to transivity

[1.35.0] - 2025-08-04

Features

... (truncated)

Commits

a4c3e43 chore: Release
bc2ad8a docs: Ipdate changelog
d5601e9 chore: Release
3f713a7 Merge pull request #1358 from epage/fixes
3c23c6b fix(dict): Remove incorrect corrections
a67079b chore: Release
83518a5 docs: Update changelog
1f86d7c chore: Release
5191d1f Merge pull request #1355 from epage/exctracting
bb6d8c3 fix(dict): Don't correct to exctracting
Additional commits viewable in compare view

Updates codecov/codecov-action from 4 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

file (this has been deprecated in favor of files)

plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

binary

gcov_args

gcov_executable

gcov_ignore

gcov_include

report_type

skip_validation

swift_project

You can see their usage in the action.yml file.

What's Changed

chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in codecov/codecov-action#1591

build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in codecov/codecov-action#1595

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in codecov/codecov-action#1604

build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1601

build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in codecov/codecov-action#1597

build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in codecov/codecov-action#1596

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1600

build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in codecov/codecov-action#1598

build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in codecov/codecov-action#1609

build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in codecov/codecov-action#1608

build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in codecov/codecov-action#1607

build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1612

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1611

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1615

build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in codecov/codecov-action#1618

build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in codecov/codecov-action#1617

build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1614

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1620

build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1619

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in codecov/codecov-action#1622

build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in codecov/codecov-action#1625

build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in codecov/codecov-action#1624

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in codecov/codecov-action#1626

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in codecov/codecov-action#1629

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

file (this has been deprecated in favor of files)

plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

binary

gcov_args

gcov_executable

gcov_ignore

gcov_include

report_type

skip_validation

swift_project

You can see their usage in the action.yml file.

What's Changed

chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in codecov/codecov-action#1591

build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in codecov/codecov-action#1595

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in codecov/codecov-action#1604

build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1601

build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in codecov/codecov-action#1597

build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in codecov/codecov-action#1596

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1600

build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in codecov/codecov-action#1598

build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in codecov/codecov-action#1609

build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in codecov/codecov-action#1608

build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in codecov/codecov-action#1607

build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1612

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1611

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1615

build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in codecov/codecov-action#1618

build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in codecov/codecov-action#1617

build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1614

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1620

build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1619

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in codecov/codecov-action#1622

build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in codecov/codecov-action#1625

build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in codecov/codecov-action#1624

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in codecov/codecov-action#1626

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in codecov/codecov-action#1629

build(deps-dev): bump @typescript-eslint/parser from 8.11.0 to 8.12.2 by @dependabot in codecov/codecov-action#1628

... (truncated)

Commits

fdcc847 chore(release): 5.5.0 (#1865)
2b79379 feat: upgrade wrapper to 0.2.4 (#1864)
39a2af1 Pin actions/github-script by Git SHA (#1859)
2db07e3 fix: check reqs exist (#1835)
78f372e fix: Typo in README (#1838)
5ecdce8 docs: Refine OIDC docs (#1837)
15559ed build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 (#1829)
18283e0 chore(release): 5.4.3 (#1827)
525fcbf build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 (#1822)
b203f00 fix: OIDC on forks (#1823)
Additional commits viewable in compare view

Updates chromaui/action from 10 to 13

Commits

58d9ffb v13.1.3
4d8ebd1 v13.1.2
48c5471 v13.1.1
290e004 v13.1.0
b584805 v13.0.1
3378c92 v13.0.0
c50adf8 v12.2.0
8536229 v12.1.1
39708fe v12.1.0
d7afd50 v12.0.0
Additional commits viewable in compare view

Updates contributor-assistant/github-action from 2.3.2 to 2.6.1

Release notes

Sourced from contributor-assistant/github-action's releases.

v2.6.1

What's Changed

Move bot signature outside of recheck text by @kingthorin in contributor-assistant/github-action#163

Full Changelog: contributor-assistant/github-action@v2.6.0...v2.6.1

v2.6.0

What's Changed

Add an option to disable the "recheck" part of the comment by @kingthorin in contributor-assistant/github-action#158

New Contributors

@kingthorin made their first contribution in contributor-assistant/github-action#158

Full Changelog: contributor-assistant/github-action@v2.5.2...v2.6.0

v2.5.2

What's Changed

readme: fix invalid action tag in main snippet by @Tropicao in contributor-assistant/github-action#161

bug fix + remove unwanted files by @ibakshay in contributor-assistant/github-action#162

New Contributors

@Tropicao made their first contribution in contributor-assistant/github-action#161

Full Changelog: contributor-assistant/github-action@v2.5.1...v2.5.2

v2.5.1

What's Changed

Update action.yml by @ibakshay in contributor-assistant/github-action#159

Full Changelog: contributor-assistant/github-action@v2.5.0...v2.5.1

v2.5.0

What's Changed

ci: Node v16 is deprecated by @azzamsa in contributor-assistant/github-action#156

New Contributors

@azzamsa made their first contribution in contributor-assistant/github-action#156

Full Changelog: contributor-assistant/github-action@v2.4.0...v2.5.0

v2.4.0

What's Changed

Update required GITHUB_TOKEN permissions by @pellared in contributor-assistant/github-action#144

Move CLA/DCO bot name into subscript at end of comment by @Holzhaus in contributor-assistant/github-action#140

New Contributors

@pellared made their first contribution in contributor-assistant/github-action#144

@Holzhaus made their first contribution in contributor-assistant/github-action#140

... (truncated)

Commits

ca4a40a Update README.md
5110cc4 docs(contributor): contrib-readme-action has updated readme
ec9e083 Merge pull request #163 from kingthorin/recheck-cond-fix
0230ea8 consistent space placement
5160ea2 Move bot signature outside of recheck text
0fb6942 Update README.md
b1522fa docs(contributor): contrib-readme-action has updated readme
d755a68 Merge pull request #158 from kingthorin/recheck-param
ca58bcf Built
fdca7a0 Update README.md
Additional commits viewable in compare view

Updates tj-actions/branch-names from 8 to 9

Release notes

Sourced from tj-actions/branch-names's releases.

v9

Changes in v9.0.2

What's Changed

Upgraded to v9.0.1 by @github-actions[bot] in tj-actions/branch-names#424

Full Changelog: tj-actions/branch-names@v9...v9.0.2

Changes in v9.0.1

What's Changed

build(deps): bump tj-actions/git-cliff from 1.5.0 to 2.0.2 by @dependabot[bot] in tj-actions/branch-names#422

build(deps): bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 by @dependabot[bot] in tj-actions/branch-names#421

Full Changelog: tj-actions/branch-names@v9.0.0...v9.0.1

Changes in v9.0.0

What's Changed

Upgraded to v8.2.1 by @github-actions[bot] in tj-actions/branch-names#417

chore: update action.yml by @jackton1 in tj-actions/branch-names#418

Updated README.md by @github-actions[bot] in tj-actions/branch-names#419

security: fix unsafe outputs by @jackton1 in tj-actions/branch-names#420

Full Changelog: tj-actions/branch-names@v8...v9.0.0

v8.2.1

What's Changed

fix: update sync-release-version.yml to sign commits by @jackton1 in tj-actions/branch-names#416

Full Changelog: tj-actions/branch-names@v8.2.0...v8.2.1

v8.2.0

What's Changed

Upgraded to v8.1.0 by @jackton1 in tj-actions/branch-names#410

feat: add support for replace forward slashes with hyphens by @jackton1 in tj-actions/branch-names#412

chore: update update-readme.yml by @jackton1 in tj-actions/branch-names#414

Updated README.md by @github-actions in tj-actions/branch-names#415

New Contributors

@github-actions made their first contribution in tj-actions/branch-names#415

Full Changelog: tj-actions/branch-names@v8...v8.2.0

... (truncated)

Changelog

Sourced from tj-actions/branch-names's changelog.

⬆️ Upgrades

Upgraded from v9.0.0 -> v9.0.1 (#424)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> (c0714e7) - (github-actions[bot])

9.0.1 - (2025-07-26)

👷 CI/CD

deps: Bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 (#421) (386e117) - (dependabot[bot])

deps: Bump tj-actions/git-cliff from 1.5.0 to 2.0.2 (#422) (2114174) - (dependabot[bot])

9.0.0 - (2025-07-25)

🔄 Update

Updated README.md (#419)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> (f904073) - (github-actions[bot])

⚙️ Miscellaneous Tasks

Update action.yml (#418) (c817961) - (Tonye Jack)

Commits

5250492 Update update-readme.yml
a2bc495 Update update-readme.yml
169ddc1 Update README.md
4d35052 Update README.md
c0714e7 Upgraded from v9.0.0 -> v9.0.1 (#424)
6be34a8 Updated README.md (#423)
386e117 build(deps): bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 (#421)
2114174 build(deps): bump tj-actions/git-cliff from 1.5.0 to 2.0.2 (#422)
e497ceb security: fix unsafe outputs (#420)
f904073 Updated README.md (#419)
Additional commits viewable in compare view

Updates toshimaru/auto-author-assign from 2.1.0 to 2.1.1

Release notes

Sourced from toshimaru/auto-author-assign's releases.

v2.1.1

What's Changed

This release includes only dependency updates.

Dependencies

build(deps): bump undici from 5.28.2 to 5.28.4 by @dependabot in toshimaru/auto-author-assign#103

Full Changelog: toshimaru/auto-author-assign@v2.1.0...v2.1.1

Changelog

Sourced from toshimaru/auto-author-assign's changelog.

2.1.1 (2024-06-26)

Commits

16f0022 chore(release): 2.1.1
820d194 build(deps): bump undici from 5.28.2 to 5.28.4 (#103)
7709f4b docs: Use v2.1.0
See full diff in compare view

Updates aquasecurity/trivy-action from 0.18.0 to 0.32.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.32.0

What's Changed

chore(deps): Update trivy to v0.64.1 by @aqua-bot in aquasecurity/trivy-action#474

Full Changelog: aquasecurity/trivy-action@0.31.0...0.32.0

v0.31.0

What's Changed

docs: add info that unix:/ prefix is required for docker-host input by @DmitriyLewen in aquasecurity/trivy-action#455

Fix Trivy action inputs leaking between invocations (#422) by @rvesse in aquasecurity/trivy-action#454

Pin aquasecuriy/setup-trivy to hash instead of tag by @lhotari in aquasecurity/trivy-action#456

Bump Trivy version to fix GitHub actions by @maximmasiutin in aquasecurity/trivy-action#460

refactor: use ubuntu 24.04 in example code by @simar7 in aquasecurity/trivy-action#465

ci: fix workflow to bump Trivy by @nikpivkin in aquasecurity/trivy-action#466

chore(deps): Update trivy to v0.63.0 by @aqua-bot in aquasecurity/trivy-action#467

New Contributors

@lhotari made their first contribution in aquasecurity/trivy-action#456

@maximmasiutin made their first contribution in aquasecurity/trivy-action#460

@aqua-bot made their first contribution in aquasecurity/trivy-action#467

Full Changelog: aquasecurity/trivy-action@0.30.0...0.31.0

v0.30.0

What's Changed

fix: Update default trivy version in README by @derrix060 in aquasecurity/trivy-action#444

fix: typo in description of an input for action.yaml by @yutatokoi in aquasecurity/trivy-action#452

Improve README/SBOM by @AB-xdev in aquasecurity/trivy-action#439

chore: bump trivy to v0.60.0 by @nikpivkin in aquasecurity/trivy-action#453

New Contributors

@derrix060 made their first contribution in aquasecurity/trivy-action#444

@yutatokoi made their first contribution in aquasecurity/trivy-action#452

@AB-xdev made their first contribution in aquasecurity/trivy-action#439

Full Changelog: aquasecurity/trivy-action@0.29.0...0.30.0

v0.29.0

What's Changed

feat: Allow skipping setup by @rvesse in aquasecurity/trivy-action#414

Fix oras command not found in "Update Trivy Cache" action by @Tiryoh in aquasecurity/trivy-action#413

Update README.md by @simar7 in aquasecurity/trivy-action#420

feat: add token for setup-trivy by @DmitriyLewen in aquasecurity/trivy-action#421

fix: bump setup-trivy and add new contrib directory path info by @DmitriyLewen in aquasecurity/trivy-action#424

docs: remove ignore-unfixed from IaC scan example by @nikpivkin in aquasecurity/trivy-action#429

chore(dep...
Description has been truncated

Bumps the github-actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.19.0` | `1.35.5` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` | | [chromaui/action](https://github.com/chromaui/action) | `10` | `13` | | [contributor-assistant/github-action](https://github.com/contributor-assistant/github-action) | `2.3.2` | `2.6.1` | | [tj-actions/branch-names](https://github.com/tj-actions/branch-names) | `8` | `9` | | [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) | `2.1.0` | `2.1.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.18.0` | `0.32.0` | | [beatlabs/delete-old-branches-action](https://github.com/beatlabs/delete-old-branches-action) | `0.0.10` | `0.0.11` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) Updates `crate-ci/typos` from 1.19.0 to 1.35.5 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@v1.19.0...v1.35.5) Updates `codecov/codecov-action` from 4 to 5 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4...v5) Updates `chromaui/action` from 10 to 13 - [Release notes](https://github.com/chromaui/action/releases) - [Commits](chromaui/action@v10...v13) Updates `contributor-assistant/github-action` from 2.3.2 to 2.6.1 - [Release notes](https://github.com/contributor-assistant/github-action/releases) - [Commits](contributor-assistant/github-action@v2.3.2...v2.6.1) Updates `tj-actions/branch-names` from 8 to 9 - [Release notes](https://github.com/tj-actions/branch-names/releases) - [Changelog](https://github.com/tj-actions/branch-names/blob/main/HISTORY.md) - [Commits](tj-actions/branch-names@v8...v9) Updates `toshimaru/auto-author-assign` from 2.1.0 to 2.1.1 - [Release notes](https://github.com/toshimaru/auto-author-assign/releases) - [Changelog](https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md) - [Commits](toshimaru/auto-author-assign@v2.1.0...v2.1.1) Updates `aquasecurity/trivy-action` from 0.18.0 to 0.32.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@062f259...dc5a429) Updates `beatlabs/delete-old-branches-action` from 0.0.10 to 0.0.11 - [Release notes](https://github.com/beatlabs/delete-old-branches-action/releases) - [Commits](beatlabs/delete-old-branches-action@v0.0.10...v0.0.11) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: crate-ci/typos dependency-version: 1.35.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: chromaui/action dependency-version: '13' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: contributor-assistant/github-action dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: tj-actions/branch-names dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: toshimaru/auto-author-assign dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: beatlabs/delete-old-branches-action dependency-version: 0.0.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-09-01T17:49:50Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Aug 26, 2025

dependabot bot closed this Sep 1, 2025

dependabot bot deleted the dependabot/github_actions/github-actions-5ebecbe397 branch September 1, 2025 17:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci: bump the github-actions group with 9 updates #664

ci: bump the github-actions group with 9 updates #664

Uh oh!

dependabot bot commented on behalf of github Aug 26, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Sep 1, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

ci: bump the github-actions group with 9 updates #664

ci: bump the github-actions group with 9 updates #664

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 26, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.0

What's Changed

New Contributors

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v1.35.5

[1.35.5] - 2025-08-18

Fixes

v1.35.4

[1.35.4] - 2025-08-12

Fixes

v1.35.3

[1.35.3] - 2025-08-08

Fixes

v1.35.2

[1.35.2] - 2025-08-07

Fixes

v1.35.1

[1.35.1] - 2025-08-04

Fixes

[1.35.5] - 2025-08-18

Fixes

[1.35.4] - 2025-08-12

Fixes

[1.35.3] - 2025-08-08

Fixes

[1.35.2] - 2025-08-07

Fixes

[1.35.1] - 2025-08-04

Fixes

[1.35.0] - 2025-08-04

Features

v5.0.0

v5 Release

Migration Guide

What's Changed

v5 Release

Migration Guide

What's Changed

v2.6.1

What's Changed

v2.6.0

What's Changed

New Contributors

v2.5.2

What's Changed

New Contributors

v2.5.1

What's Changed

v2.5.0

What's Changed

New Contributors

v2.4.0

What's Changed

New Contributors

v9

Changes in v9.0.2

dependabot bot commented on behalf of github Aug 26, 2025 •

edited

Loading