chore(deps): bump the actions group with 9 updates by dependabot[bot] · Pull Request #8 · hyperpolymath/neurophone

dependabot · 2025-12-16T03:15:12Z

Bumps the actions group with 9 updates:

Package	From	To
actions/checkout	`4`	`6`
github/codeql-action	`3`	`4`
actions/first-interaction	`1`	`3`
actions/upload-pages-artifact	`3`	`4`
actions/labeler	`4`	`6`
webfactory/ssh-agent	`0.9.0`	`0.9.1`
codecov/codecov-action	`3`	`5`
ossf/scorecard-action	`2.3.1`	`2.4.3`
actions/stale	`5`	`10`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Commits

8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
See full diff in compare view

Updates github/codeql-action from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

v3.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v3.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v3.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.5 - 24 Nov 2025

Update default CodeQL bundle version to 2.23.6. #3321

See the full CHANGELOG.md for more information.

v3.31.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.4 - 18 Nov 2025

... (truncated)

Commits

c4efbda Overlay: Check database metadata for overlayBaseSpecifier
dd89143 CodeQL: Add resolveDatabase method
78357d3 Merge pull request #3341 from github/mbg/ci/update-cs-config-cli-tests
d61a6fa Update CLI config test to account for overlay db changes on PRs
ce27e95 Rebuild
43224eb Bump @eslint/eslintrc from 3.3.1 to 3.3.3 in the npm-minor group
f0ac9bf Merge pull request #3337 from github/mergeback/v4.31.6-to-main-fe4161a2
c1ca379 Rebuild
c3455c5 Update changelog and version after v4.31.6
fe4161a Merge pull request #3336 from github/update-v4.31.6-ecec1f887
Additional commits viewable in compare view

Updates actions/first-interaction from 1 to 3

Release notes

Sourced from actions/first-interaction's releases.

v3.0.0

What's Changed

Bump @github/local-action from 2.6.4 to 5.1.0 by @dependabot[bot] in actions/first-interaction#324

Bump eslint-import-resolver-typescript from 3.8.2 to 4.4.4 by @dependabot[bot] in actions/first-interaction#325

Bump the npm-development group with 5 updates by @dependabot[bot] in actions/first-interaction#326

Bump the npm-development group with 7 updates by @dependabot[bot] in actions/first-interaction#333

Bump super-linter/super-linter from 7 to 8 by @dependabot[bot] in actions/first-interaction#328

Bump eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in actions/first-interaction#331

Bump @rollup/rollup-linux-x64-gnu from 4.45.1 to 4.46.2 by @dependabot[bot] in actions/first-interaction#330

Bump @jest/globals from 29.7.0 to 30.0.5 by @dependabot[bot] in actions/first-interaction#332

Bump @octokit/rest from 21.1.1 to 22.0.0 by @dependabot[bot] in actions/first-interaction#329

Add actionlint configuration by @ncalteen in actions/first-interaction#334

Node 24 support by @salmanmkc in actions/first-interaction#327

Prepare release v3.0.0 by @salmanmkc in actions/first-interaction#335

New Contributors

@salmanmkc made their first contribution in actions/first-interaction#327

Full Changelog: actions/first-interaction@v2...v3.0.0

v2.0.0

What's Changed

Installed @actions/core by @TheGuptaEmpire in actions/first-interaction#274

Update README.md by @Alirezaaraby in actions/first-interaction#75

DOC: adjust the example to show a full yaml file by @tacaswell in actions/first-interaction#36

Demonstrate |- multiline YAML string in README by @simonw in actions/first-interaction#16

Update README.md by @nebuk89 in actions/first-interaction#317

Convert from Container to TypeScript Action by @ncalteen in actions/first-interaction#311

Bump @octokit/types from 13.8.0 to 14.1.0 by @dependabot[bot] in actions/first-interaction#323

Bump undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/first-interaction#319

Bump the npm-development group with 16 updates by @dependabot[bot] in actions/first-interaction#320

Bump @actions/github from 6.0.0 to 6.0.1 in the npm-production group by @dependabot[bot] in actions/first-interaction#321

New Contributors

@TheGuptaEmpire made their first contribution in actions/first-interaction#274

@Alirezaaraby made their first contribution in actions/first-interaction#75

@tacaswell made their first contribution in actions/first-interaction#36

@simonw made their first contribution in actions/first-interaction#16

@nebuk89 made their first contribution in actions/first-interaction#317

@ncalteen made their first contribution in actions/first-interaction#311

@dependabot[bot] made their first contribution in actions/first-interaction#323

Full Changelog: actions/first-interaction@v1.3.0...v2.0.0

v1.3.0

Upgrade our base image from node v14 -> v20

Add dependency on @octokit/rest and @actions/http-client.

👉 See the PR for details: actions/first-interaction#287

... (truncated)

Commits

1c46889 Merge pull request #363 from actions/dependabot/npm_and_yarn/npm-development-...
76a99dd Disable checks for dist
2ead13c Bump the npm-development group across 1 directory with 10 updates
2e8e200 Merge pull request #361 from actions/dependabot/npm_and_yarn/rollup/rollup-li...
df55979 Merge pull request #357 from actions/dependabot/npm_and_yarn/octokit/types-15...
c056c18 Bump @rollup/rollup-linux-x64-gnu from 4.50.2 to 4.52.3
dac371d Bump @octokit/types from 14.1.0 to 15.0.0
33689d3 Merge pull request #354 from actions/ncalteen/event
8e69b57 Merge branch 'main' into ncalteen/event
69c5373 Merge pull request #351 from actions/dependabot/npm_and_yarn/github/local-act...
Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 3 to 4

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

Potentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by @tsusdere in actions/upload-pages-artifact#102 If you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation

Pin actions/upload-artifact to SHA by @heavymachinery in actions/upload-pages-artifact#127

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

Group tar's output to prevent it from messing up action logs @SilverRainZ (#94)

Update README.md @uiolee (#88)

Bump the non-breaking-changes group with 1 update @dependabot (#92)

Update Dependabot config to group non-breaking changes @JamesMGreene (#91)

Bump actions/checkout from 3 to 4 @dependabot (#76)

See details of all code changes since previous release.

Commits

7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
4cc19c7 Pin actions/upload-artifact to SHA
2d163be Merge pull request #107 from KittyChiu/main
c704843 fix: linted README
9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
e59cdfe Update README.md
a2d6704 doc: updated usage section in readme
984864e Merge pull request #105 from actions/Jcambass-patch-1
45dc788 Add workflow file for publishing releases to immutable action package
efaad07 Merge pull request #102 from actions/hidden-files
Additional commits viewable in compare view

Updates actions/labeler from 4 to 6

Release notes

Sourced from actions/labeler's releases.

v6.0.0

What's Changed

Add workflow file for publishing releases to immutable action package by @jcambass in actions/labeler#802

Breaking Changes

Upgrade Node.js version to 24 in action and dependencies @salmanmkc in actions/labeler#891 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Dependency Upgrades

Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by @dependabot[bot] in actions/labeler#711

Upgrade eslint from 8.52.0 to 8.55.0 by @dependabot[bot] in actions/labeler#720

Upgrade @types/jest from 29.5.6 to 29.5.11 by @dependabot[bot] in actions/labeler#719

Upgrade @types/js-yaml from 4.0.8 to 4.0.9 by @dependabot[bot] in actions/labeler#718

Upgrade @typescript-eslint/parser from 6.9.0 to 6.14.0 by @dependabot[bot] in actions/labeler#717

Upgrade prettier from 3.0.3 to 3.1.1 by @dependabot[bot] in actions/labeler#726

Upgrade eslint from 8.55.0 to 8.56.0 by @dependabot[bot] in actions/labeler#725

Upgrade @typescript-eslint/parser from 6.14.0 to 6.19.0 by @dependabot[bot] in actions/labeler#745

Upgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by @dependabot[bot] in actions/labeler#744

Upgrade @typescript-eslint/eslint-plugin from 6.9.0 to 6.20.0 by @dependabot[bot] in actions/labeler#750

Upgrade prettier from 3.1.1 to 3.2.5 by @dependabot[bot] in actions/labeler#752

Upgrade undici from 5.26.5 to 5.28.3 by @dependabot[bot] in actions/labeler#757

Upgrade braces from 3.0.2 to 3.0.3 by @dependabot[bot] in actions/labeler#789

Upgrade minimatch from 9.0.3 to 10.0.1 by @dependabot[bot] in actions/labeler#805

Upgrade @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in actions/labeler#811

Upgrade typescript from 5.4.3 to 5.7.2 by @dependabot[bot] in actions/labeler#819

Upgrade @typescript-eslint/parser from 7.3.1 to 8.17.0 by @dependabot[bot] in actions/labeler#824

Upgrade prettier from 3.2.5 to 3.4.2 by @dependabot[bot] in actions/labeler#825

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/labeler#827

Upgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by @dependabot[bot] in actions/labeler#832

Upgrade ts-jest from 29.1.2 to 29.2.5 by @dependabot[bot] in actions/labeler#831

Upgrade @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot[bot] in actions/labeler#830

Upgrade typescript from 5.7.2 to 5.7.3 by @dependabot[bot] in actions/labeler#835

Upgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by @dependabot[bot] in actions/labeler#839

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/labeler#842

Upgrade @octokit/request-error from 5.0.1 to 5.1.1 by @dependabot[bot] in actions/labeler#846

Documentation changes

Add note regarding pull_request_target to README.md by @silverwind in actions/labeler#669

Update readme with additional examples and important note about pull_request_target event by @IvanZosimov in actions/labeler#721

Document update - permission section by @harithavattikuti in actions/labeler#840

Improvement in documentation for pull_request_target event usage in README by @suyashgaonkar in actions/labeler#871

Fix broken links in documentation by @suyashgaonkar in actions/labeler#822

New Contributors

@silverwind made their first contribution in actions/labeler#669

@Jcambass made their first contribution in actions/labeler#802

@suyashgaonkar made their first contribution in actions/labeler#822

@HarithaVattikuti made their first contribution in actions/labeler#840

@salmanmkc made their first contribution in actions/labeler#891

... (truncated)

Commits

634933e publish-action upgrade to 0.4.0 from 0.2.2 (#901)
f1a63e8 Update Node.js version to 24 in action and dependencies (#891)
b0a1180 Bump @octokit/request-error from 5.0.1 to 5.1.1 (#846)
110d441 Update README.md (#871)
bee50fe Bump undici from 5.28.4 to 5.28.5 (#842)
6463cdb Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (#839)
c209686 Bump typescript from 5.7.2 to 5.7.3 (#835)
5184940 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#830)
3629d55 Document update - permission section (#840)
d24f7f3 Bump ts-jest from 29.1.2 to 29.2.5 (#831)
Additional commits viewable in compare view

Updates webfactory/ssh-agent from 0.9.0 to 0.9.1

Release notes

Sourced from webfactory/ssh-agent's releases.

v0.9.1

What's Changed

Acknowledge custom command inputs in cleanup.js by @janopae in webfactory/ssh-agent#235

New Contributors

@janopae made their first contribution in webfactory/ssh-agent#235

Full Changelog: webfactory/ssh-agent@v0.9.0...v0.9.1

Changelog

Sourced from webfactory/ssh-agent's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

v0.9.1 [2024-03-17]

Fixed

Fix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (#235)

v0.9.0 [2024-02-06]

Changed

Update all versions of actions/checkout to v4 (#199)

Update to Node 20 (#201)

v0.8.0 [2023-03-24]

Changed

No longer writing GitHub's SSH host keys to known_hosts (#171)

Update to actions/checkout@v3 (#143)

Allow the user to override the commands for git, ssh-agent, and ssh-add (#154)

v0.7.0 [2022-10-19]

Added

Add the log-public-key input that can be used to turn off logging key identities (#122)

Fixed

Fix path to git binary on Windows, assuming GitHub-hosted runners (#136, #137)

Fix a nonsensical log message (#139)

v0.6.0 [2022-10-19]

Changed

Update the version of Node used by the action from 12 to 16 (https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/).

v0.5.4 [2021-11-21]

Fixed

... (truncated)

Commits

a6f90b1 Release v0.9.1
72c0bfd Improve documentation on why we use os.userInfo()
e3f1a8e Acknowledge custom command inputs in cleanup.js (#235)
b504c19 Update CHANGELOG.md
See full diff in compare view

Updates codecov/codecov-action from 3 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

file (this has been deprecated in favor of files)

plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

binary

gcov_args

gcov_executable

gcov_ignore

gcov_include

report_type

skip_validation

swift_project

You can see their usage in the action.yml file.

What's Changed

chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in codecov/codecov-action#1591

build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in codecov/codecov-action#1595

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in codecov/codecov-action#1604

build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1601

build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in codecov/codecov-action#1597

build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in codecov/codecov-action#1596

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1600

build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in codecov/codecov-action#1598

build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in codecov/codecov-action#1609

build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in codecov/codecov-action#1608

build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in codecov/codecov-action#1607

build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1612

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1611

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1615

build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in codecov/codecov-action#1618

build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in codecov/codecov-action#1617

build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1614

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1620

build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1619

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in codecov/codecov-action#1622

build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in codecov/codecov-action#1625

build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in codecov/codecov-action#1624

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in codecov/codecov-action#1626

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in codecov/codecov-action#1629

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

file (this has been deprecated in favor of files)

plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

binary

gcov_args

gcov_executable

gcov_ignore

gcov_include

report_type

skip_validation

swift_project

You can see their usage in the action.yml file.

What's Changed

chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in codecov/codecov-action#1591

build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in codecov/codecov-action#1595

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in codecov/codecov-action#1604

build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1601

build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in codecov/codecov-action#1597

build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in codecov/codecov-action#1596

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1600

build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in codecov/codecov-action#1598

build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in codecov/codecov-action#1609

build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in codecov/codecov-action#1608

build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in codecov/codecov-action#1607

build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1612

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1611

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1615

build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in codecov/codecov-action#1618

build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in codecov/codecov-action#1617

build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1614

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1620

build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1619

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in codecov/codecov-action#1622

build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in codecov/codecov-action#1625

build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in codecov/codecov-action#1624

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in codecov/codecov-action#1626

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in codecov/codecov-action#1629

build(deps-dev): bump @typescript-eslint/parser from 8.11.0 to 8.12.2 by @dependabot in codecov/codecov-action#1628

... (truncated)

Commits

671740a chore(release): 5.5.2 (#1902)
96b38e9 chore: disable_search alignment (#1881)
9b6d1f8 check gpg only when skip-validation = false (#1894)
5a10915 chore(release): 5.5.1 (#1873)
3e0ce21 fix: overwrite pr number on fork (#1871)
c4741c8 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1868)
17370e8 build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (#1867)
18fdacf fix: update to use local app/ dir (#1872)
206148c docs: fix typo in README (#1866)
3cb13a1 Document a codecov-cli version reference example (#1774)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.3.1 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

docs: clarify GITHUB_TOKEN permissions needed for private repos by @pankajtaneja5 in ossf/scorecard-action#1574

📖 Fix recommended command to test the image in development by @deivid-rodriguez in ossf/scorecard-action#1583

Other

add missing top-level token permissions to workflows by @timothyklee in ossf/scorecard-action#1566

setup codeowners for requesting reviews by @spencerschr... Description has been truncated

Bumps the actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/first-interaction](https://github.com/actions/first-interaction) | `1` | `3` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `4` | | [actions/labeler](https://github.com/actions/labeler) | `4` | `6` | | [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.9.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `5` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.4.3` | | [actions/stale](https://github.com/actions/stale) | `5` | `10` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4...v6) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3...v4) Updates `actions/first-interaction` from 1 to 3 - [Release notes](https://github.com/actions/first-interaction/releases) - [Commits](actions/first-interaction@v1...v3) Updates `actions/upload-pages-artifact` from 3 to 4 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@v3...v4) Updates `actions/labeler` from 4 to 6 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@v4...v6) Updates `webfactory/ssh-agent` from 0.9.0 to 0.9.1 - [Release notes](https://github.com/webfactory/ssh-agent/releases) - [Changelog](https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md) - [Commits](webfactory/ssh-agent@dc588b6...a6f90b1) Updates `codecov/codecov-action` from 3 to 5 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3...v5) Updates `ossf/scorecard-action` from 2.3.1 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@v2.3.1...v2.4.3) Updates `actions/stale` from 5 to 10 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v5...v10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/first-interaction dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-pages-artifact dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/labeler dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: webfactory/ssh-agent dependency-version: 0.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 16, 2025

hyperpolymath merged commit 251025c into main Dec 16, 2025
2 of 24 checks passed

hyperpolymath deleted the dependabot/github_actions/actions-667af3f80e branch December 16, 2025 13:48

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the actions group with 9 updates#8

chore(deps): bump the actions group with 9 updates#8
hyperpolymath merged 1 commit into
mainfrom
dependabot/github_actions/actions-667af3f80e

dependabot Bot commented on behalf of github Dec 16, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Dec 16, 2025

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

v3.31.8

CodeQL Action Changelog

3.31.8 - 11 Dec 2025

v3.31.7

CodeQL Action Changelog

3.31.7 - 05 Dec 2025

v3.31.6

CodeQL Action Changelog

3.31.6 - 01 Dec 2025

v3.31.5

CodeQL Action Changelog

3.31.5 - 24 Nov 2025

v3.31.4

CodeQL Action Changelog

3.31.4 - 18 Nov 2025

v3.0.0

What's Changed

New Contributors

v2.0.0

What's Changed

New Contributors

v1.3.0

Upgrade our base image from node v14 -> v20

v4.0.0

What's Changed

v3.0.1

Changelog

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Documentation changes

New Contributors

v0.9.1

What's Changed

New Contributors

Changelog

[Unreleased]

v0.9.1 [2024-03-17]

Fixed

v0.9.0 [2024-02-06]

Changed

v0.8.0 [2023-03-24]

Changed

v0.7.0 [2022-10-19]

Added

Fixed

v0.6.0 [2022-10-19]

Changed

v0.5.4 [2021-11-21]

Fixed

v5.0.0

v5 Release

Migration Guide

What's Changed

v5 Release

Migration Guide

What's Changed

v2.4.3

What's Changed

Documentation

Other

Uh oh!

Uh oh!