Bump the actions group across 4 directories with 11 updates by dependabot[bot] · Pull Request #3756 · expo/eas-cli

dependabot · 2026-05-19T22:19:57Z

Bumps the actions group with 8 updates in the / directory:

Package	From	To
actions/checkout	`2.7.0`	`6.0.2`
tj-actions/changed-files	`b1ba699b304f2083b602164e06a89b868c84f076`	`934b2d2c7e653bb8c968afed5a0428617f09aa24`
actions/github-script	`3.2.0`	`9.0.0`
mshick/add-pr-comment	`2.8.2`	`3.11.0`
tobyhs/codemention	`1.4.0`	`1.5.2`
actions/setup-node	`2.5.2`	`6.4.0`
actions/stale	`4.1.1`	`10.3.0`
codecov/codecov-action	`1.5.2`	`6.0.1`

Bumps the actions group with 1 update in the /.github/actions/setup-mise directory: jdx/mise-action.
Bumps the actions group with 1 update in the /.github/internal-actions/notify-slack-on-fail-or-recover directory: actions/github-script.
Bumps the actions group with 2 updates in the /.github/internal-actions/setup-gcloud directory: google-github-actions/auth and google-github-actions/setup-gcloud.

Updates actions/checkout from 2.7.0 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates tj-actions/changed-files from b1ba699b304f2083b602164e06a89b868c84f076 to 934b2d2c7e653bb8c968afed5a0428617f09aa24

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.6 - (2026-04-18)

🔄 Update

Updated README.md (#2817)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (c23d52b) - (github-actions[bot])

⚙️ Miscellaneous Tasks

deps: Bump lodash from 4.17.23 to 4.18.1 (#2837) (9426d40) - (dependabot[bot])

deps: Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#2843) (32de080) - (dependabot[bot])

deps: Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#2844) (2487d12) - (dependabot[bot])

deps-dev: Bump @types/node from 25.5.0 to 25.6.0 (#2846) (cef85a3) - (dependabot[bot])

deps-dev: Bump prettier from 3.8.1 to 3.8.3 (#2848) (7b082de) - (dependabot[bot])

deps: Bump github/codeql-action from 4.35.1 to 4.35.2 (#2849) (07224ca) - (dependabot[bot])

deps-dev: Bump jest from 30.2.0 to 30.3.0 (#2822) (2bb1357) - (dependabot[bot])

deps: Bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (#2829) (cc98117) - (dependabot[bot])

deps: Bump yaml from 2.8.2 to 2.8.3 (#2830) (786e421) - (dependabot[bot])

deps-dev: Bump eslint-plugin-jest from 29.15.0 to 29.15.1 (#2831) (726b41b) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.6 to 4.35.1 (#2834) (2c3585e) - (dependabot[bot])

deps: Bump actions/download-artifact from 8.0.0 to 8.0.1 (#2824) (3d37a7f) - (dependabot[bot])

deps-dev: Bump @types/node from 25.3.5 to 25.5.0 (#2825) (445b0eb) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.5 to 4.32.6 (#2819) (4f892cd) - (dependabot[bot])

deps-dev: Bump @types/node from 25.3.3 to 25.3.5 (#2820) (6118651) - (dependabot[bot])

deps: Bump actions/setup-node from 6.2.0 to 6.3.0 (#2818) (e517d7a) - (dependabot[bot])

⬆️ Upgrades

Upgraded to v47.0.5 (#2816)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (4750530) - (github-actions[bot])

47.0.5 - (2026-03-03)

🔄 Update

Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> (35dace0) - (github-actions[bot])

Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

... (truncated)

Commits

934b2d2 chore(deps): bump uuid from 13.0.0 to 14.0.0 in the npm_and_yarn group across...
0146bf4 chore(deps-dev): bump @types/node from 25.7.0 to 25.8.0 (#2868)
6b924b1 chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#2862)
c0f1c88 chore(deps-dev): bump jest from 30.3.0 to 30.4.2 (#2865)
179874a chore(deps-dev): bump @types/node from 25.6.0 to 25.7.0 (#2866)
70b968a chore(deps): bump yaml from 2.8.4 to 2.9.0 (#2867)
7dc4d75 chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#2860)
37901fa chore(deps): bump yaml from 2.8.3 to 2.8.4 (#2861)
9d0c65d test: push and merge group support (#2856)
778ca51 chore(deps): bump flatted in the npm_and_yarn group across 1 directory
Additional commits viewable in compare view

Updates actions/github-script from 3.2.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.

Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.

getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.

If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

Add ACTIONS_ORCHESTRATION_ID to user-agent string by @Copilot in actions/github-script#695

ci: use deployment: false for integration test environments by @salmanmkc in actions/github-script#712

feat!: add getOctokit to script context, upgrade @actions/github v9, @octokit/core v7, and related packages by @salmanmkc in actions/github-script#700

New Contributors

@Copilot made their first contribution in actions/github-script#695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

v8.0.0

What's Changed

Update Node.js version support to 24.x by @salmanmkc in actions/github-script#637

README for updating actions/github-script from v7 to v8 by @sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

@salmanmkc made their first contribution in actions/github-script#637

@sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

Upgrade husky to v9 by @benelan in actions/github-script#482

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/github-script#485

Upgrade IA Publish by @Jcambass in actions/github-script#486

Fix workflow status badges by @joshmgross in actions/github-script#497

Update usage of actions/upload-artifact by @joshmgross in actions/github-script#512

Clear up package name confusion by @joshmgross in actions/github-script#514

Update dependencies with npm audit fix by @joshmgross in actions/github-script#515

Specify that the used script is JavaScript by @timotk in actions/github-script#478

chore: Add Dependabot for NPM and Actions by @nschonni in actions/github-script#472

... (truncated)

Commits

3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
ca10bbd fix: use @octokit/core/types import for v7 compatibility
86e48e2 merge: incorporate main branch changes
c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
ff8117e ci: fix user-agent test to handle orchestration ID
81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
3953caf docs: update README examples from @v8 to @v9, add getOctokit docs and v9 brea...
c17d55b ci: add getOctokit integration test job
a047196 test: add getOctokit integration tests via callAsyncFunction
Additional commits viewable in compare view

Updates mshick/add-pr-comment from 2.8.2 to 3.11.0

Release notes

Sourced from mshick/add-pr-comment's releases.

v3.11.0

3.11.0 (2026-04-23)

Features

add NOW template variable with configurable date format (#193) (87fe9ef)

v3.10.1

3.10.1 (2026-04-23)

Bug Fixes

skip comment creation when deleteOnStatus matches status (#187) (f160eba)

v3.10.0

3.10.0 (2026-04-02)

Features

add truncate-separator input and markdown termination (#184) (6bd445f)

v3.9.1

3.9.1 (2026-03-31)

Bug Fixes

input delete-on-status not declared (#175) (108eeca)

v3.9.0

3.9.0 (2026-03-14)

Features

add library exports for programmatic usage (#169) (277cebd)

v3.8.0

3.8.0 (2026-03-14)

Features

automatic message truncation for oversized comments (#167) (38989f3)

v3.7.0

3.7.0 (2026-03-14)

... (truncated)

Changelog

Sourced from mshick/add-pr-comment's changelog.

Changelog

3.11.0 (2026-04-23)

Features

add NOW template variable with configurable date format (#193) (87fe9ef)

3.10.1 (2026-04-23)

Bug Fixes

skip comment creation when deleteOnStatus matches status (#187) (f160eba)

3.10.0 (2026-04-02)

Features

add truncate-separator input and markdown termination (#184) (6bd445f)

3.9.1 (2026-03-31)

Bug Fixes

input delete-on-status not declared (#175) (108eeca)

3.9.0 (2026-03-14)

Features

add library exports for programmatic usage (#169) (277cebd)

3.8.0 (2026-03-14)

Features

automatic message truncation for oversized comments (#167) (38989f3)

3.7.0 (2026-03-14)

Features

add file attachments via artifacts (#165) (678e340)

... (truncated)

Commits

8e49278 chore(main): release 3.11.0 (#194)
87fe9ef feat: add NOW template variable with configurable date format (#193)
be5d48d chore(main): release 3.10.1 (#191)
14d916e chore(deps): bump fast-xml-parser from 5.5.9 to 5.7.1 in the npm_and_yarn gro...
f160eba fix: skip comment creation when deleteOnStatus matches status (#187)
9302b90 chore(deps): bump vite from 8.0.0 to 8.0.7 in the npm_and_yarn group across 1...
4191f5b chore(deps): bump lodash from 4.17.23 to 4.18.1 in the npm_and_yarn group acr...
64b8e91 chore(main): release 3.10.0 (#185)
6bd445f feat: add truncate-separator input and markdown termination (#184)
e7516d7 ci: publish to npm (#182)
Additional commits viewable in compare view

Updates tobyhs/codemention from 1.4.0 to 1.5.2

Release notes

Sourced from tobyhs/codemention's releases.

v1.5.2

Show a warning in the comment body when using the deprecated commentConfiguration.preamble or commentConfiguration.epilogue options (14c10ab8528ed556c3b92f205e7b5aa03e7b187c)

v1.5.1

Add a warning annotation when using the deprecated commentConfiguration.preamble or commentConfiguration.epilogue options (7f8529520599d84e82cd5144c6f5e6cacf1039af)

v1.5.0

Add a commentConfiguration.template option so users can provide a Handlebars template for the comment body (#28)

Match dot files by default by specifying the dot option of micromatch (ebc06a68aaf279b7f62463de0c69bea5149ea7e7)

Deprecated

The commentConfiguration.preamble and commentConfiguration.epilogue options are deprecated. Use commentConfiguration.template instead.

Commits

14c10ab Show preamble/epilogue deprecation in comment body
9064cd1 Use npm ci instead of npm install in test workflow
bf5c6ac Change TypeScript outDir to dist
cfdcbc9 Convert codebase to ESM
f4d3cd9 Upgrade .node-version to 20.20.0
414882b Fix imports to compatible with ESM-only packages
ef762b2 Upgrade libraries that depend on undici
f14d118 Merge pull request #33 from tobyhs/dependabot/github_actions/actions/cache-5
eb1e768 Bump actions/cache from 4 to 5
99dec36 Upgrade js-yaml (child dep of istanbuljs/load-nyc-config)
Additional commits viewable in compare view

Updates actions/setup-node from 2.5.2 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

Upgrade @actions dependencies by @Copilot in actions/setup-node#1525

Update Node.js versions in versions.yml and bump package to v6.4.0 by @priya-kinthali in actions/setup-node#1533

New Contributors

@Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

v6.3.0

What's Changed

Enhancements:

Support parsing devEngines field by @susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

Fix npm audit issues by @gowridurgad in actions/setup-node#1491

Replace uuid with crypto.randomUUID() by @trivikr in actions/setup-node#1378

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-node#1498

Bug fixes:

Remove hardcoded bearer for mirror-url @marco-ippolito in actions/setup-node#1467

Scope test lockfiles by package manager and update cache tests by @gowridurgad in actions/setup-node#1495

New Contributors

@susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

Documentation update related to absence of Lockfile by @mahabaleshwars in actions/setup-node#1454

Correct mirror option typos by @MikeMcC399 in actions/setup-node#1442

Readme update on checkout version v6 by @deining in actions/setup-node#1446

Readme typo fixes @munyari in actions/setup-node#1226

Advanced document update on checkout version v6 by @aparnajyothi-y in actions/setup-node#1468

Dependency updates:

Upgrade @actions/cache to v5.0.1 by @salmanmkc in actions/setup-node#1449

New Contributors

@mahabaleshwars made their first contribution in actions/setup-node#1454

@MikeMcC399 made their first contribution in actions/setup-node#1442

@deining made their first contribution in actions/setup-node#1446

... (truncated)

Commits

48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
ab72c7e Upgrade @actions dependencies (#1525)
53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
54045ab Scope test lockfiles by package manager and update cache tests (#1495)
c882bff Replace uuid with crypto.randomUUID() (#1378)
774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
efcb663 fix: remove hardcoded bearer (#1467)
d02c89d Fix npm audit issues (#1491)
6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
Additional commits viewable in compare view

Updates actions/stale from 4.1.1 to 10.3.0

Release notes

Sourced from actions/stale's releases.

v10.3.0

What's Changed

Bug Fix

Enhancement: ignore stale labeling events by @shamoon in actions/stale#1311

Dependency Updates

Upgrade dependencies (@actions/core, @octokit/plugin-retry, @typescript-eslint) by @Copilot in actions/stale#1335

New Contributors

@shamoon made their first contribution in actions/stale#1311

Full Changelog: actions/stale@v10...v10.3.0

v10.2.0

What's Changed

Bug Fix

Fix checking state cache (fix #1136) and switch to Octokit helper methods by @itchyny in actions/stale#1152

Dependency Updates

Upgrade js-yaml from 4.1.0 to 4.1.1 by @dependabot in actions/stale#1304

Upgrade lodash from 4.17.21 to 4.17.23 by @dependabot in actions/stale#1313

Upgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by @chiranjib-swain in actions/stale#1312

New Contributors

@itchyny made their first contribution in actions/stale#1152

Full Changelog: actions/stale@v10...v10.2.0

v10.1.1

What's Changed

Bug Fix

Add Missing Input Reading for only-issue-types by @Bibo-Joshi in actions/stale#1298

Improvement

Improves error handling when rate limiting is disabled on GHES. by @chiranjib-swain in actions/stale#1300

Dependency Upgrades

Upgrade eslint-config-prettier from 8.10.0 to 10.1.8 by @dependabot in actions/stale#1276

Upgrade @types/node from 20.10.3 to 24.2.0 and document breaking changes in v10 by @dependabot in actions/stale#1280

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in actions/stale#1291

Upgrade actions/checkout from 4 to 6 by @dependabot in actions/stale#1306

New Contributors

@chiranjib-swain made their first contribution in actions/stale#1300

Full Changelog: actions/stale@v10...v10.1.1

v10.1.0

What's Changed

... (truncated)

Commits

eb5cf3a chore: upgrade dependencies and bump version to 10.3.0 (#1335)
db5d06a Enhancement: ignore stale labeling events (#1311)
b5d41d4 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1313)
dcd2b94 Fix punycode and url.parse Deprecation Warnings (#1312)
d6f8a33 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1304)
a21a081 Fix checking state cache (fix #1136), also switch to octokit methods (#1152)
9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
39bea7d Add Missing Input Reading for only-issue-types (#1298)
Additional commits viewable in compare view

Updates codecov/codecov-action from 1.5.2 to 6.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.1

What's Changed

fix: prevent template injection in run: steps (VULN-1652) by @thomasrockhu-codecov in codecov/codecov-action#1947

chore(release): 6.0.1 by @thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @thomasrockhu-codecov in codecov/codecov-action#1929

Th/6.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @thomasrockhu-codecov in codecov/codecov-action#1926

chore(release): 5.5.4 by @thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in c...
Description has been truncated

Bumps the actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `2.7.0` | `6.0.2` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `b1ba699b304f2083b602164e06a89b868c84f076` | `934b2d2c7e653bb8c968afed5a0428617f09aa24` | | [actions/github-script](https://github.com/actions/github-script) | `3.2.0` | `9.0.0` | | [mshick/add-pr-comment](https://github.com/mshick/add-pr-comment) | `2.8.2` | `3.11.0` | | [tobyhs/codemention](https://github.com/tobyhs/codemention) | `1.4.0` | `1.5.2` | | [actions/setup-node](https://github.com/actions/setup-node) | `2.5.2` | `6.4.0` | | [actions/stale](https://github.com/actions/stale) | `4.1.1` | `10.3.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `1.5.2` | `6.0.1` | Bumps the actions group with 1 update in the /.github/actions/setup-mise directory: [jdx/mise-action](https://github.com/jdx/mise-action). Bumps the actions group with 1 update in the /.github/internal-actions/notify-slack-on-fail-or-recover directory: [actions/github-script](https://github.com/actions/github-script). Bumps the actions group with 2 updates in the /.github/internal-actions/setup-gcloud directory: [google-github-actions/auth](https://github.com/google-github-actions/auth) and [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud). Updates `actions/checkout` from 2.7.0 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2.7.0...de0fac2) Updates `tj-actions/changed-files` from b1ba699b304f2083b602164e06a89b868c84f076 to 934b2d2c7e653bb8c968afed5a0428617f09aa24 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@b1ba699...934b2d2) Updates `actions/github-script` from 3.2.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v3.2.0...3a2844b) Updates `mshick/add-pr-comment` from 2.8.2 to 3.11.0 - [Release notes](https://github.com/mshick/add-pr-comment/releases) - [Changelog](https://github.com/mshick/add-pr-comment/blob/main/CHANGELOG.md) - [Commits](mshick/add-pr-comment@b8f338c...8e49278) Updates `tobyhs/codemention` from 1.4.0 to 1.5.2 - [Release notes](https://github.com/tobyhs/codemention/releases) - [Commits](tobyhs/codemention@bb6bfb2...14c10ab) Updates `actions/setup-node` from 2.5.2 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@7c12f80...48b55a0) Updates `actions/stale` from 4.1.1 to 10.3.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@a20b814...eb5cf3a) Updates `codecov/codecov-action` from 1.5.2 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@29386c7...e79a696) Updates `actions/github-script` from 3.2.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v3.2.0...3a2844b) Updates `jdx/mise-action` from 3.5.1 to 4.0.1 - [Release notes](https://github.com/jdx/mise-action/releases) - [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md) - [Commits](jdx/mise-action@146a281...1648a78) Updates `actions/github-script` from 6.4.1 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v3.2.0...3a2844b) Updates `actions/github-script` from 6.4.1 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v3.2.0...3a2844b) Updates `google-github-actions/auth` from 2.1.13 to 3.0.0 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@c200f36...7c6bc77) Updates `google-github-actions/setup-gcloud` from 2.2.1 to 3.0.1 - [Release notes](https://github.com/google-github-actions/setup-gcloud/releases) - [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md) - [Commits](google-github-actions/setup-gcloud@e427ad8...aa5489c) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: google-github-actions/auth dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: google-github-actions/setup-gcloud dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: jdx/mise-action dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: mshick/add-pr-comment dependency-version: 3.11.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: tj-actions/changed-files dependency-version: 934b2d2c7e653bb8c968afed5a0428617f09aa24 dependency-type: direct:production dependency-group: actions - dependency-name: tobyhs/codemention dependency-version: 1.5.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 19, 2026

dependabot Bot mentioned this pull request May 19, 2026

Bump the actions group across 4 directories with 11 updates #3719

Closed

dependabot Bot force-pushed the dependabot/github_actions/actions-bc58cb92ed branch from 4ef9269 to 65648f9 Compare May 26, 2026 18:02

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions group across 4 directories with 11 updates#3756

Bump the actions group across 4 directories with 11 updates#3756
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-bc58cb92ed

dependabot Bot commented on behalf of github May 19, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

Changelog

47.0.6 - (2026-04-18)

🔄 Update

⚙️ Miscellaneous Tasks

⬆️ Upgrades

47.0.5 - (2026-03-03)

🔄 Update

⚙️ Miscellaneous Tasks

v9.0.0

What's Changed

New Contributors

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

New Contributors

v7.1.0

What's Changed

v3.11.0

3.11.0 (2026-04-23)

Features

v3.10.1

3.10.1 (2026-04-23)

Bug Fixes

v3.10.0

3.10.0 (2026-04-02)

Features

v3.9.1

3.9.1 (2026-03-31)

Bug Fixes

v3.9.0

3.9.0 (2026-03-14)

Features

v3.8.0

3.8.0 (2026-03-14)

Features

v3.7.0

3.7.0 (2026-03-14)

Changelog

3.11.0 (2026-04-23)

Features

3.10.1 (2026-04-23)

Bug Fixes

3.10.0 (2026-04-02)

Features

3.9.1 (2026-03-31)

Bug Fixes

3.9.0 (2026-03-14)

Features

3.8.0 (2026-03-14)

Features

3.7.0 (2026-03-14)

dependabot Bot commented on behalf of github May 19, 2026 •

edited

Loading