Bump oras-project/setup-oras from 1.2.4 to 2.0.0 in /.github/workflows in the github-actions group across 1 directory by dependabot[bot] · Pull Request #77096 · WordPress/gutenberg

dependabot · 2026-04-07T13:19:30Z

Bumps the github-actions group with 1 update in the /.github/workflows directory: oras-project/setup-oras.

Updates oras-project/setup-oras from 1.2.4 to 2.0.0

Release notes

Sourced from oras-project/setup-oras's releases.

v2.0.0

Highlights

Support ORAS CLI v1.3.1

Migrate action runtime from node20 to node24 (#153)

Pin undici to >=6.24.1 to address 5 CVEs: GHSA-f269-vfmq-vjvj, GHSA-2mjp-6q6p-2qxm, GHSA-vrm6-8vpv-qv8q, GHSA-v9p9-hfj2-hcw8, GHSA-4992-7rv2-5pvq

Bump @actions/core from ^2.x to ^3.0.0 (ESM-only)

Bump @actions/tool-cache from ^3.x to ^4.0.0 (ESM-only)

Replace @vercel/ncc with esbuild as the build bundler

What's Changed

Add version 1.3.1 with checksums (#150)

feat: migrate action runtime from node20 to node24 (#153)

fix: pin undici to >=6.24.1 to address CVEs (#157)

chore(deps): bump @actions/core to 3.x and @actions/tool-cache to 4.x (#159)

chore(deps): Bump @actions/core from 1.11.1 to 2.0.1 (#130)

chore(deps): Bump typescript from 5.9.2 to 6.0.2 (#151)

chore(deps): Bump actions/checkout from 5 to 6 (#128)

chore(deps): Bump actions/setup-node from 5 to 6 (#123)

chore(deps): Bump @types/node from 24.12.0 to 25.5.2 (multiple PRs)

Full Changelog: oras-project/setup-oras@v1.2.4...v2.0.0

Commits

38de303 chore: release v2.0.0 (#160)
bbd8d79 chore(deps): bump @actions/core to 3.x and @actions/tool-cache to 4.x (#159)
44d83f3 chore(deps): Bump @types/node from 24.12.0 to 25.5.2 (#158)
dd86831 fix: pin undici to >=6.24.1 to address CVEs (#157)
be45691 feat: migrate action runtime from node20 to node24 (#153)
f0fe559 Add version 1.3.1 with checksums from … (#150)
0db6c65 chore(deps): Bump @types/node from 25.0.3 to 25.5.0 (#149)
8a0db1e chore(deps): Bump typescript from 5.9.3 to 6.0.2 (#151)
bd8ffed chore: add TerryHowe to owners and code owners (#152)
c33dd38 chore(deps): Bump @types/node from 25.0.2 to 25.0.3 (#131)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 1 update in the /.github/workflows directory: [oras-project/setup-oras](https://github.com/oras-project/setup-oras). Updates `oras-project/setup-oras` from 1.2.4 to 2.0.0 - [Release notes](https://github.com/oras-project/setup-oras/releases) - [Commits](oras-project/setup-oras@22ce207...38de303) --- updated-dependencies: - dependency-name: oras-project/setup-oras dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-04-07T14:26:35Z

Flaky tests detected in 8d75a04.
Some tests passed with failed attempts. The failures may not be related to this commit but are still reported for visibility. See the documentation for more information.

🔍 Workflow run URL: https://github.com/WordPress/gutenberg/actions/runs/24083514602
📝 Reported issues:

[Flaky Test] post title and content are editable and blocks can be inserted #76524 in /test/e2e/specs/editor/various/post-content-focus-mode.spec.js
[Flaky Test] should show correct homepage actions based on current homepage or posts page #68892 in /test/e2e/specs/site-editor/homepage-settings.spec.js

github-actions · 2026-04-07T18:29:03Z

The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the props-bot label.

If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message.

Co-authored-by: desrosj <desrosj@git.wordpress.org>

To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.

Bumps the github-actions group with 1 update in the /.github/workflows directory: [oras-project/setup-oras](https://github.com/oras-project/setup-oras). Updates `oras-project/setup-oras` from 1.2.4 to 2.0.0 - [Release notes](https://github.com/oras-project/setup-oras/releases) - [Commits](oras-project/setup-oras@22ce207...38de303) --- updated-dependencies: - dependency-name: oras-project/setup-oras dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: desrosj <desrosj@git.wordpress.org>

dependabot bot added [Type] Build Tooling Issues or PRs related to build tooling GitHub Actions Pull requests that update GitHub Actions code labels Apr 7, 2026

dependabot bot requested a review from desrosj as a code owner April 7, 2026 13:19

dependabot bot added [Type] Build Tooling Issues or PRs related to build tooling GitHub Actions Pull requests that update GitHub Actions code labels Apr 7, 2026

desrosj approved these changes Apr 7, 2026

View reviewed changes

desrosj merged commit 7144f28 into trunk Apr 7, 2026
56 of 57 checks passed

desrosj deleted the dependabot/github_actions/dot-github/workflows/github-actions-10ba088a30 branch April 7, 2026 18:29

github-actions bot added this to the Gutenberg 23.0 milestone Apr 7, 2026

desrosj added the Backport to WP 7.0 Beta/RC Pull request that needs to be backported to the WordPress major release that's currently in beta label Apr 7, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump oras-project/setup-oras from 1.2.4 to 2.0.0 in /.github/workflows in the github-actions group across 1 directory#77096

Bump oras-project/setup-oras from 1.2.4 to 2.0.0 in /.github/workflows in the github-actions group across 1 directory#77096
desrosj merged 1 commit intotrunkfrom
dependabot/github_actions/dot-github/workflows/github-actions-10ba088a30

dependabot bot commented on behalf of github Apr 7, 2026

Uh oh!

github-actions bot commented Apr 7, 2026

Uh oh!

github-actions bot commented Apr 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 7, 2026

v2.0.0

Highlights

What's Changed

Uh oh!

github-actions bot commented Apr 7, 2026

Uh oh!

github-actions bot commented Apr 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant