ci(deps): bump the actions group with 13 updates by dependabot[bot] · Pull Request #35 · inferadb/engine

dependabot · 2025-12-04T04:59:58Z

Bumps the actions group with 13 updates:

Package	From	To
actions/checkout	`5.0.0`	`6.0.1`
Swatinem/rust-cache	`2.8.0`	`2.8.2`
taiki-e/install-action	`2.62.46`	`2.62.62`
EnricoMi/publish-unit-test-result-action	`2.17.1`	`2.21.0`
codecov/codecov-action	`5.1.1`	`5.5.1`
softprops/action-gh-release	`2.4.1`	`2.5.0`
slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml	`f701310a334f5d712a8869541c8e19ecb4eefc24`	`a09dd8c05eda63cace134cb7dccd7e019f25e6f3`
docker/setup-buildx-action	`3.7.1`	`3.11.1`
docker/login-action	`3.3.0`	`3.6.0`
docker/metadata-action	`5.5.1`	`5.10.0`
docker/build-push-action	`6.9.0`	`6.18.0`
EmbarkStudios/cargo-deny-action	`2.0.1`	`2.0.14`
actions/dependency-review-action	`45529485b5eb76184ced07362d2331fd9d26f03f`	`774d14bf50b7a2e2460f9f49e25c52503ecab125`

Updates actions/checkout from 5.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

... (truncated)

Commits

8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
See full diff in compare view

Updates Swatinem/rust-cache from 2.8.0 to 2.8.2

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.8.2

What's Changed

ci: address lint findings, add zizmor workflow by @woodruffw in Swatinem/rust-cache#262

feat: Implement ability to disable adding job ID + rust environment hashes to cache names by @Ryan-Brice in Swatinem/rust-cache#279

Don't overwrite env for cargo-metadata call by @MaeIsBad in Swatinem/rust-cache#285

New Contributors

@woodruffw made their first contribution in Swatinem/rust-cache#262

@Ryan-Brice made their first contribution in Swatinem/rust-cache#279

@MaeIsBad made their first contribution in Swatinem/rust-cache#285

Full Changelog: Swatinem/rust-cache@v2.8.1...v2.8.2

v2.8.1

What's Changed

Set empty CARGO_ENCODED_RUSTFLAGS in workspace metadata retrieval by @ark0f in Swatinem/rust-cache#249

chore(deps): update dependencies by @reneleonhardt in Swatinem/rust-cache#251

chore: fix dependabot groups by @reneleonhardt in Swatinem/rust-cache#253

Bump the prd-patch group with 2 updates by @dependabot[bot] in Swatinem/rust-cache#254

chore(dependabot): regenerate and commit dist/ by @reneleonhardt in Swatinem/rust-cache#257

Bump @types/node from 22.16.3 to 24.2.1 in the dev-major group by @dependabot[bot] in Swatinem/rust-cache#255

Bump typescript from 5.8.3 to 5.9.2 in the dev-minor group by @dependabot[bot] in Swatinem/rust-cache#256

Bump actions/setup-node from 4 to 5 in the actions group by @dependabot[bot] in Swatinem/rust-cache#259

Update README.md by @Propfend in Swatinem/rust-cache#234

Bump @types/node from 24.2.1 to 24.3.0 in the dev-minor group by @dependabot[bot] in Swatinem/rust-cache#258

New Contributors

@ark0f made their first contribution in Swatinem/rust-cache#249

@reneleonhardt made their first contribution in Swatinem/rust-cache#251

@dependabot[bot] made their first contribution in Swatinem/rust-cache#254

@Propfend made their first contribution in Swatinem/rust-cache#234

Full Changelog: Swatinem/rust-cache@v2...v2.8.1

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.8.2

Don't overwrite env for cargo-metadata call

2.8.1

Set empty CARGO_ENCODED_RUSTFLAGS when retrieving metadata

Various dependency updates

2.8.0

Add support for warpbuild cache provider

Add new cache-workspace-crates feature

2.7.8

Include CPU arch in the cache key

2.7.7

Also cache cargo install metadata

2.7.6

Allow opting out of caching $CARGO_HOME/bin

Add runner OS in cache key

Adds an option to do lookup-only of the cache

2.7.5

Support Cargo.lock format cargo-lock v4

Only run macOsWorkaround() on macOS

2.7.3

Work around upstream problem that causes cache saving to hang for minutes.

2.7.2

Only key by Cargo.toml and Cargo.lock files of workspace members.

2.7.1

Update toml parser to fix parsing errors.

2.7.0

Properly cache trybuild tests.

... (truncated)

Commits

779680d 2.8.2
2ea64ef Bump smol-toml from 1.4.2 to 1.5.2 in the prd-minor group (#287)
8930d9c Bump the actions group with 3 updates (#288)
c071727 Bump @actions/io from 1.1.3 to 2.0.0 in the prd-major group (#281)
f2a41b7 Bump @types/node from 24.9.0 to 24.10.0 in the dev-minor group (#282)
e306f83 Don't overwrite env for cargo-metadata call (#285)
c911900 Merge pull request #284 from Swatinem/dependabot/github_actions/actions-baeb0...
3aaed55 Bump the actions group with 2 updates
972b315 Merge pull request #283 from Swatinem/dependabot/github_actions/actions-b360d...
07caf06 Bump taiki-e/install-action from 2.62.45 to 2.62.49 in the actions group
Additional commits viewable in compare view

Updates taiki-e/install-action from 2.62.46 to 2.62.62

Release notes

Sourced from taiki-e/install-action's releases.

2.62.62

Update cargo-deny@latest to 0.18.8.

Update cargo-shear@latest to 1.7.1.

Update trivy@latest to 0.68.1.

Update uv@latest to 0.9.15.

Update knope@latest to 0.21.6.

2.62.61

Update cargo-deny@latest to 0.18.7.

Update cargo-careful@latest to 0.4.9.

Update uv@latest to 0.9.14.

Update vacuum@latest to 0.20.4.

Update cargo-valgrind@latest to 2.4.0.

Update mise@latest to 2025.11.11.

2.62.60

Update zizmor@latest to 1.18.0.

Update cargo-shear@latest to 1.7.0.

Update wasm-bindgen@latest to 0.2.106.

2.62.59

Update mise@latest to 2025.11.10.

Update uv@latest to 0.9.13.

Update typos@latest to 1.40.0.

2.62.58

Update cargo-shear@latest to 1.6.6.

Update mise@latest to 2025.11.8.

Update zizmor@latest to 1.17.0.

Update uv@latest to 0.9.12.

Update editorconfig-checker@latest to 3.6.0.

Update wasmtime@latest to 39.0.1.

... (truncated)

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[2.62.62] - 2025-12-03

Update cargo-deny@latest to 0.18.8.

Update cargo-shear@latest to 1.7.1.

Update trivy@latest to 0.68.1.

Update uv@latest to 0.9.15.

Update knope@latest to 0.21.6.

[2.62.61] - 2025-12-02

Update cargo-deny@latest to 0.18.7.

Update cargo-careful@latest to 0.4.9.

Update uv@latest to 0.9.14.

Update vacuum@latest to 0.20.4.

Update cargo-valgrind@latest to 2.4.0.

Update mise@latest to 2025.11.11.

[2.62.60] - 2025-11-30

Update zizmor@latest to 1.18.0.

Update cargo-shear@latest to 1.7.0.

Update wasm-bindgen@latest to 0.2.106.

[2.62.59] - 2025-11-28

Update mise@latest to 2025.11.10.

... (truncated)

Commits

493d7f2 Release 2.62.62
0c6fcb0 Update cargo-deny@latest to 0.18.8
e8101c1 Tweak docs
c8c9b5b tools: Update scripts
8aeb767 ci: Pin create-release reusable workflow
4875eb9 Update cargo-shear@latest to 1.7.1
7cc1b00 Update spdx requirement from 0.12 to 0.13 (#1323)
112bd4c Update trivy@latest to 0.68.1
81a8473 Update uv@latest to 0.9.15
5f588bf Update knope@latest to 0.21.6
Additional commits viewable in compare view

Updates EnricoMi/publish-unit-test-result-action from 2.17.1 to 2.21.0

Release notes

Sourced from EnricoMi/publish-unit-test-result-action's releases.

v2.21.0

Adds the following improvements:

Add Docker action to allow setting Docker registry and image #688

Fix class name matching for NUnit3 #689

Upgrade all Python dependencies to latest version #695

Fix @2 tag in README.md to @v2 #687

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.20.0...v2.21.0

v2.20.0

Adds the following improvements:

Add action typing #653

Isolate PIP cache used by composite actions #668

Fix for empty <system-out> and <system-err> #667

Deprecate github_token_actor option, auto-detect actor #661

Use and recommend !cancelled() instead of always() #659

Add deprecationMessage to action.yml for deprecated inputs #654

Resolve regex library warnings #660

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.19.0...v2.20.0

v2.19.0

Adds the following improvements:

Add option to verify SSL/TLS connection (#638)

Mention composite replacement in README.md (#647)

Quote $PYTHON_BIN in deprecated composite action (#646)

v2.18.0

Adds the following improvements:

Support Python 3.13 (#632)

Upgrade dependencies (#566)

Use unicode emojis (instead of markdown) (#631)

Commits

34d7c95 Releasing v2.21.0 (#699)
578fa89 Add docker/action.yml to allow setting docker registry and image (#688)
45cb788 Bump actions/download-artifact from 4 to 5 (#683)
8c91382 Bump actions/checkout from 4 to 5 (#684)
694bceb Fix @2 tag in README.md to @v2 (#687)
980d9de Fix class name matching in nunit3-to-junit.xslt (#689)
d243703 Remove macos-13, and macos-26 github runners (#697)
c965d1e Bump actions/setup-python from 5 to 6 (#692)
c88cf3f Add Python 3.14 to CI (#694)
37526f5 Upgrade all Python dependencies to latest version (#695)
Additional commits viewable in compare view

Updates codecov/codecov-action from 5.1.1 to 5.5.1

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.1

What's Changed

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in codecov/codecov-action#1833

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @dependabot[bot] in codecov/codecov-action#1861

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

docs: fix typo in README by @datalater in codecov/codecov-action#1866

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @dependabot[bot] in codecov/codecov-action#1867

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in codecov/codecov-action#1868

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

chore(release): 5.5.1 by @thomasrockhu-codecov in codecov/codecov-action#1873

New Contributors

@datalater made their first contribution in codecov/codecov-action#1866

Full Changelog: codecov/codecov-action@v5.5.0...v5.5.1

v5.5.0

What's Changed

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in codecov/codecov-action#1829

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

chore(release): 5.5.0 by @thomasrockhu-codecov in codecov/codecov-action#1865

New Contributors

@spalmurray made their first contribution in codecov/codecov-action#1837

@martincostello made their first contribution in codecov/codecov-action#1859

@jviall made their first contribution in codecov/codecov-action#1864

Full Changelog: codecov/codecov-action@v5.4.3...v5.5.0

v5.4.3

What's Changed

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @dependabot in codecov/codecov-action#1822

chore(release): 5.4.3 by @thomasrockhu-codecov in codecov/codecov-action#1827

Full Changelog: codecov/codecov-action@v5.4.2...v5.4.3

v5.4.2

What's Changed

fix: hotfix oidc by @thomasrockhu-codecov in codecov/codecov-action#1813

Full Changelog: codecov/codecov-action@v5.4.1...v5.4.2

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

... (truncated)

Commits

5a10915 chore(release): 5.5.1 (#1873)
3e0ce21 fix: overwrite pr number on fork (#1871)
c4741c8 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1868)
17370e8 build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (#1867)
18fdacf fix: update to use local app/ dir (#1872)
206148c docs: fix typo in README (#1866)
3cb13a1 Document a codecov-cli version reference example (#1774)
a4803c1 build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 (#1861)
3139621 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#1833)
fdcc847 chore(release): 5.5.0 (#1865)
Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.4.1 to 2.5.0

Release notes

Sourced from softprops/action-gh-release's releases.

v2.5.0

What's Changed

Exciting New Features 🎉

feat: mark release as draft until all artifacts are uploaded by @dumbmoron in softprops/action-gh-release#692

Other Changes 🔄

chore(deps): bump the npm group across 1 directory with 5 updates by @dependabot[bot] in softprops/action-gh-release#697

chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by @dependabot[bot] in softprops/action-gh-release#689

New Contributors

@dumbmoron made their first contribution in softprops/action-gh-release#692

Full Changelog: softprops/action-gh-release@v2.4.2...v2.5.0

v2.4.2

What's Changed

Exciting New Features 🎉

feat: Ensure generated release notes cannot be over 125000 characters by @BeryJu in softprops/action-gh-release#684

Other Changes 🔄

dependency updates

New Contributors

@BeryJu made their first contribution in softprops/action-gh-release#684

Full Changelog: softprops/action-gh-release@v2.4.1...v2.4.2

Changelog

Sourced from softprops/action-gh-release's changelog.

2.5.0

What's Changed

Exciting New Features 🎉

feat: mark release as draft until all artifacts are uploaded by @dumbmoron in softprops/action-gh-release#692

Other Changes 🔄

dependency updates

2.4.2

What's Changed

Exciting New Features 🎉

feat: Ensure generated release notes cannot be over 125000 characters by @BeryJu in softprops/action-gh-release#684

Other Changes 🔄

dependency updates

2.4.1

What's Changed

Other Changes 🔄

fix(util): support brace expansion globs containing commas in parseInputFiles by @Copilot in softprops/action-gh-release#672

fix: gracefully fallback to body when body_path cannot be read by @Copilot in softprops/action-gh-release#671

2.4.0

What's Changed

Exciting New Features 🎉

feat(action): respect working_directory for files globs by @stephenway in softprops/action-gh-release#667

2.3.4

What's Changed

Bug fixes 🐛

fix(action): handle 422 already_exists race condition by @stephenway in softprops/action-gh-release#665

Other Changes 🔄

... (truncated)

Commits

a06a81a release 2.5.0
7da8983 feat: mark release as draft until all artifacts are uploaded (#692)
8797328 chore(deps): bump actions/checkout in the github-actions group (#689)
1bfc62a chore(deps): bump the npm group across 1 directory with 5 updates (#697)
5be0e66 release 2.4.2
af658b4 feat: Ensure generated release notes cannot be over 125000 characters (#684)
237aacc chore: bump node to 24.11.0
00362be chore(deps): bump the npm group with 5 updates (#687)
0adea5a chore(deps): bump the npm group with 3 updates (#686)
aa05f9d chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 in the github-action...
Additional commits viewable in compare view

Updates slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from f701310a334f5d712a8869541c8e19ecb4eefc24 to a09dd8c05eda63cace134cb7dccd7e019f25e6f3

Changelog

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's changelog.

CHANGELOG

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

v2.1.0: Vars context recorded in provenance

v2.0.0

v2.0.0: Breaking Change: upload-artifact and download-artifact

v2.0.0: Breaking Change: attestation-name Workflow Input and Output

v2.0.0: DSSE Rekor Type

v1.10.0

v1.10.0: TUF fix

v1.10.0: Gradle Builder

v1.10.0: Go Builder

v1.10.0: Container Generator

v1.9.0

v1.9.0: BYOB framework (https://github.com/slsa-framework/slsa-github-generator/blob/main/beta)

v1.9.0: Maven builder (https://github.com/slsa-framework/slsa-github-generator/blob/main/beta)

v1.9.0: Gradle builder (https://github.com/slsa-framework/slsa-github-generator/blob/main/beta)

v1.9.0: JReleaser builder

v1.8.0

v1.8.0: Generic Generator

v1.8.0: Node.js Builder (https://github.com/slsa-framework/slsa-github-generator/blob/main/beta)

v1.7.0

v1.7.0: Go builder

v1.6.0

Summary of changes

Go builder

New Features

Generic generator

New Features

Container generator

Changelog since v1.5.0

v1.5.0

Summary of changes

Go builder

New Features

Generic generator

New Features

Container generator

New Features

Changelog since v1.4.0

... (truncated)

Commits

a09dd8c chore: Update unsupported v2 of go-jose to supported v4 (#4439)
4876e96 chore: slsa-verifier v2.7.1 (#4332)
a5cc0c3 chore: Remove old TODO (#4152)
9255e11 chore(deps): update github-actions
8e3df77 chore: verify SLSA token at creation
24e3463 chore(deps): update github-actions
0617b3a chore(deps): update github-actions (#4132)
9103ac6 refs back to main

Bumps the actions group with 13 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.1` | | [Swatinem/rust-cache](https://github.com/swatinem/rust-cache) | `2.8.0` | `2.8.2` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.62.46` | `2.62.62` | | [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) | `2.17.1` | `2.21.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.1.1` | `5.5.1` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.4.1` | `2.5.0` | | [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator) | `f701310a334f5d712a8869541c8e19ecb4eefc24` | `a09dd8c05eda63cace134cb7dccd7e019f25e6f3` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.7.1` | `3.11.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `3.6.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.10.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.9.0` | `6.18.0` | | [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) | `2.0.1` | `2.0.14` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `45529485b5eb76184ced07362d2331fd9d26f03f` | `774d14bf50b7a2e2460f9f49e25c52503ecab125` | Updates `actions/checkout` from 5.0.0 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@08c6903...8e8c483) Updates `Swatinem/rust-cache` from 2.8.0 to 2.8.2 - [Release notes](https://github.com/swatinem/rust-cache/releases) - [Changelog](https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md) - [Commits](Swatinem/rust-cache@98c8021...779680d) Updates `taiki-e/install-action` from 2.62.46 to 2.62.62 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](taiki-e/install-action@f535147...493d7f2) Updates `EnricoMi/publish-unit-test-result-action` from 2.17.1 to 2.21.0 - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](EnricoMi/publish-unit-test-result-action@82082da...34d7c95) Updates `codecov/codecov-action` from 5.1.1 to 5.5.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@7f8b4b4...5a10915) Updates `softprops/action-gh-release` from 2.4.1 to 2.5.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@6da8fa9...a06a81a) Updates `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` from f701310a334f5d712a8869541c8e19ecb4eefc24 to a09dd8c05eda63cace134cb7dccd7e019f25e6f3 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@f701310...a09dd8c) Updates `docker/setup-buildx-action` from 3.7.1 to 3.11.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@c47758b...e468171) Updates `docker/login-action` from 3.3.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@9780b0c...5e57cd1) Updates `docker/metadata-action` from 5.5.1 to 5.10.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@8e5442c...c299e40) Updates `docker/build-push-action` from 6.9.0 to 6.18.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@4f58ea7...2634353) Updates `EmbarkStudios/cargo-deny-action` from 2.0.1 to 2.0.14 - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](EmbarkStudios/cargo-deny-action@8371184...76cd80e) Updates `actions/dependency-review-action` from 45529485b5eb76184ced07362d2331fd9d26f03f to 774d14bf50b7a2e2460f9f49e25c52503ecab125 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@4552948...774d14b) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: Swatinem/rust-cache dependency-version: 2.8.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: taiki-e/install-action dependency-version: 2.62.62 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: EnricoMi/publish-unit-test-result-action dependency-version: 2.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: softprops/action-gh-release dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml dependency-version: a09dd8c05eda63cace134cb7dccd7e019f25e6f3 dependency-type: direct:production dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/metadata-action dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: docker/build-push-action dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: EmbarkStudios/cargo-deny-action dependency-version: 2.0.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/dependency-review-action dependency-version: 774d14bf50b7a2e2460f9f49e25c52503ecab125 dependency-type: direct:production dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-12-04T05:07:03Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies labels Dec 4, 2025

dependabot bot closed this Dec 4, 2025

dependabot bot deleted the dependabot/github_actions/actions-7c5aebf4fe branch December 4, 2025 05:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(deps): bump the actions group with 13 updates#35

ci(deps): bump the actions group with 13 updates#35
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-7c5aebf4fe

dependabot bot commented on behalf of github Dec 4, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Dec 4, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Dec 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v2.8.2

What's Changed

New Contributors

v2.8.1

What's Changed

New Contributors

Changelog

2.8.2

2.8.1

2.8.0

2.7.8

2.7.7

2.7.6

2.7.5

2.7.3

2.7.2

2.7.1

2.7.0

2.62.62

2.62.61

2.62.60

2.62.59

2.62.58

Changelog

[Unreleased]

[2.62.62] - 2025-12-03

[2.62.61] - 2025-12-02

[2.62.60] - 2025-11-30

[2.62.59] - 2025-11-28

v2.21.0

v2.20.0

v2.19.0

v2.18.0

v5.5.1

What's Changed

New Contributors

v5.5.0

What's Changed

New Contributors

v5.4.3

What's Changed

v5.4.2

What's Changed

v5.5.1

What's Changed

v5.5.0

What's Changed

v5.4.3

What's Changed

v5.4.2

What's Changed

v5.4.1

v2.5.0

What's Changed

Exciting New Features 🎉

Other Changes 🔄

New Contributors

dependabot bot commented on behalf of github Dec 4, 2025 •

edited

Loading