Skip to content

chore(deps): bump the github-actions group across 1 directory with 10 updates #2800

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
tstirrat15 merged 1 commit into from
Jan 5, 2026
Merged

chore(deps): bump the github-actions group across 1 directory with 10 updates #2800

tstirrat15 merged 1 commit into from
Jan 5, 2026

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Bumps the github-actions group with 10 updates in the / directory:

Package From To
actions/checkout 5 6
actions/setup-go 6.0.0 6.1.0
actions/cache 4.3.0 5.0.1
codecov/codecov-action 5.5.1 5.5.2
actions/upload-artifact 5.0.0 6.0.0
chainguard-dev/actions 1.5.7 1.5.10
peter-evans/create-pull-request 7 8
docker/setup-qemu-action 3.6.0 3.7.0
docker/setup-buildx-action 3.11.1 3.12.0
shogo82148/actions-upload-release-asset 1.9.1 1.9.2

Updates actions/checkout from 5 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Commits

Updates actions/setup-go from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-go's releases.

v6.1.0

What's Changed

Enhancements

Dependency updates

New Contributors

Full Changelog: actions/setup-go@v6...v6.1.0

Commits

Updates actions/cache from 4.3.0 to 5.0.1

Release notes

Sourced from actions/cache's releases.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

What's Changed

v5.0.0

What's Changed

Full Changelog: actions/cache@v5...v5.0.1

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

... (truncated)

Commits
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • d0a0e18 fix: update license files for @​actions/cache, fast-xml-parser, and strnum
  • 74de208 fix: update @​actions/cache to ^5.0.1 for Node.js 24 punycode fix
  • ac7f115 peer
  • b0f846b fix: update @​actions/cache with storage-blob fix for Node.js 24 punycode depr...
  • a783357 Merge pull request #1684 from actions/prepare-cache-v5-release
  • 3bb0d78 docs: highlight v5 runner requirement in releases
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.1 to 5.5.2

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.2

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates actions/upload-artifact from 5.0.0 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Updates chainguard-dev/actions from 1.5.7 to 1.5.10

Release notes

Sourced from chainguard-dev/actions's releases.

v1.5.10

What's Changed

New Contributors

Full Changelog: chainguard-dev/actions@v1.5.9...v1.5.10

v1.5.9

What's Changed

Full Changelog: chainguard-dev/actions@v1.5.8...v1.5.9

v1.5.8

What's Changed

... (truncated)

Commits
  • 3e8a2a2 Bump actions/setup-go from 6.0.0 to 6.1.0 in /setup-melange (#662)
  • 729e62e Bump actions/setup-go from 6.0.0 to 6.1.0 in /boilerplate (#661)
  • 9f06767 Bump actions/setup-go from 6.0.0 to 6.1.0 (#660)
  • e7d70cb Bump actions/checkout from 5.0.1 to 6.0.0 (#659)
  • c088192 setup-knative: Avoid GitHub API when possible (#656)
  • 1816224 Bump reviewdog/action-setup from 1.4.0 to 1.5.0 in /donotsubmit (#652)
  • b143cea Bump reviewdog/action-setup from 1.4.0 to 1.5.0 in /eof-newline (#653)
  • 50ec231 Bump reviewdog/action-setup from 1.4.0 to 1.5.0 in /boilerplate (#651)
  • 0a0d87b Bump reviewdog/action-setup from 1.4.0 to 1.5.0 in /trailing-space (#654)
  • 0727032 Bump chainguard-dev/actions from 1.5.8 to 1.5.9 (#645)
  • Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7 to 8

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.0.0

What's new in v8

What's Changed

New Contributors

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0

Create Pull Request v7.0.11

What's Changed

Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11

Create Pull Request v7.0.10

⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

What's Changed

New Contributors

Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10

Create Pull Request v7.0.9

⚙️ Fixes an incompatibility with the recently released actions/checkout@v6.

What's Changed

New Contributors

... (truncated)

Commits

Updates docker/setup-qemu-action from 3.6.0 to 3.7.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.7.0

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

Commits
  • c7c5346 Merge pull request #230 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 3a517a1 chore: update generated content
  • a5b45ed build(deps): bump @​docker/actions-toolkit from 0.62.1 to 0.67.0
  • 3a64278 Merge pull request #220 from docker/dependabot/npm_and_yarn/brace-expansion-1...
  • 94906ba chore: update generated content
  • 4027abf build(deps): bump brace-expansion from 1.1.11 to 1.1.12
  • bee0aaa Merge pull request #221 from docker/dependabot/npm_and_yarn/tmp-0.2.4
  • 0d7e257 chore: update generated content
  • b869601 build(deps): bump tmp from 0.2.3 to 0.2.4
  • 3a043ed Merge pull request #219 from docker/dependabot/npm_and_yarn/undici-5.29.0
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.11.1 to 3.12.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits
  • 8d2750c Merge pull request #455 from crazy-max/install-deprecated
  • e81846b deprecate install input
  • 65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
  • 000d75d build(deps): bump actions/checkout from 5 to 6
  • 1583c0f Merge pull request #443 from nicolasleger/patch-1
  • ed158e7 doc: bump actions/checkout from 4 to 5
  • 4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
  • 4dfc3d6 build(deps): bump actions/checkout from 4 to 5
  • af1b253 Merge pull request #440 from crazy-max/k3s-build
  • 3c6ab92 ci: k3s test with latest buildx
  • Additional commits viewable in compare view

Updates shogo82148/actions-upload-release-asset from 1.9.1 to 1.9.2

Release notes

Sourced from shogo82148/actions-upload-release-asset's releases.

v1.9.2

What's Changed

@dependabot
chore(deps): bump the github-actions group across 1 directory with 10…
4d8ccee 
… updates

Bumps the github-actions group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5` | `6` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.0.0` | `6.1.0` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.1` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.1` | `5.5.2` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `6.0.0` |
| [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.5.7` | `1.5.10` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7` | `8` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.6.0` | `3.7.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.11.1` | `3.12.0` |
| [shogo82148/actions-upload-release-asset](https://github.com/shogo82148/actions-upload-release-asset) | `1.9.1` | `1.9.2` |



Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v5...v6)

Updates `actions/setup-go` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v6...v6.1.0)

Updates `actions/cache` from 4.3.0 to 5.0.1
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...9255dc7)

Updates `codecov/codecov-action` from 5.5.1 to 5.5.2
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@5a10915...671740a)

Updates `actions/upload-artifact` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@330a01c...b7c566a)

Updates `chainguard-dev/actions` from 1.5.7 to 1.5.10
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@1b32103...3e8a2a2)

Updates `peter-evans/create-pull-request` from 7 to 8
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@v7...v8)

Updates `docker/setup-qemu-action` from 3.6.0 to 3.7.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@2910929...c7c5346)

Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@e468171...8d2750c)

Updates `shogo82148/actions-upload-release-asset` from 1.9.1 to 1.9.2
- [Release notes](https://github.com/shogo82148/actions-upload-release-asset/releases)
- [Commits](shogo82148/actions-upload-release-asset@59cbc56...8f6863c)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.5.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: peter-evans/create-pull-request
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 3.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: shogo82148/actions-upload-release-asset
  dependency-version: 1.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner January 1, 2026 18:07
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2026
@github-actions github-actions bot added the area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) label Jan 1, 2026
tstirrat15
tstirrat15 approved these changes Jan 5, 2026
View reviewed changes
Copy link
Contributor

@tstirrat15 tstirrat15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Impressive that dependabot can do this now.

@tstirrat15 tstirrat15 added this pull request to the merge queue Jan 5, 2026
Merged via the queue into main with commit 39272e3 Jan 5, 2026
43 checks passed
@tstirrat15 tstirrat15 deleted the dependabot/github_actions/github-actions-f15a624f0f branch January 5, 2026 16:15
@github-actions github-actions bot locked and limited conversation to collaborators Jan 5, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@tstirrat15 tstirrat15 tstirrat15 approved these changes

Assignees

No one assigned

Labels

area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tstirrat15