build: bump the all-actions group across 1 directory with 10 updates by dependabot[bot] · Pull Request #167 · microsoft/Container-Migration-Solution-Accelerator

dependabot · 2026-04-01T19:47:36Z

Bumps the all-actions group with 10 updates in the / directory:

Package	From	To
actions/checkout	`4`	`6`
codfish/semantic-release-action	`3`	`5`
tj-actions/changed-files	`46.0.5`	`47.0.5`
lycheeverse/lychee-action	`2.4.1`	`2.8.0`
docker/setup-buildx-action	`3`	`4`
docker/build-push-action	`6`	`7`
amannn/action-semantic-pull-request	`5`	`6`
actions/setup-python	`5`	`6`
actions/stale	`9`	`10`
actions/upload-artifact	`4`	`7`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates codfish/semantic-release-action from 3 to 5

Release notes

Sourced from codfish/semantic-release-action's releases.

v5.0.0

5.0.0 (2026-02-08)

Features

upgrade deps, node, bump semantic-release to v25 (#231) (6abd188)

BREAKING CHANGES

@semantic-release/github no longer consumes the GitHub Search API in the plugin.

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

@semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

semantic-release v25: Upgraded from v24.2.7 to v25.0.3

@semantic-release/npm upgraded to v13

@semantic-release/commit-analyzer and @semantic-release/release-notes-generator moved from beta to stable

Dependency updates (yargs v18, hosted-git-info v9)

See semantic-release v25 release notes

npm OIDC Trusted Publishing Support: The upgrade to @semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

@actions/core: Upgraded to v3.0.0 (internal implementation only)

Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior

Review semantic-release v25 changes

Review @semantic-release/github v12 changes

Update your workflows to use @v5

(Optional) Migrate to npm OIDC Trusted Publishing:

Configure your package on npmjs.com to enable trusted publishing from GitHub Actions

Add id-token: write permission to your workflow job

Remove the NPM_TOKEN secret (you won't need it anymore!)

See npm's trusted publishing guide

... (truncated)

Changelog

Sourced from codfish/semantic-release-action's changelog.

v5.0.0 Release Notes Draft

Breaking Changes

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this GitHub action version except for Node version requirements. Because this is a Docker-based github action, the version of Node.js in use is defined inside of the Docker image, not by the consuming runner or your code.

What Changed

@semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See GitHub plugin v12 release notes.

semantic-release v25: Upgraded from v24.2.7 to v25.0.3

@semantic-release/npm upgraded to v13

@semantic-release/commit-analyzer and @semantic-release/release-notes-generator moved from beta to stable

Dependency updates (yargs v18, hosted-git-info v9)

See semantic-release v25 release notes

npm OIDC Trusted Publishing Support: The upgrade to @semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

@actions/core: Upgraded to v3.0.0 (internal implementation only)

Migration Steps

Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior

Review semantic-release v25 changes

Review @semantic-release/github v12 changes

Update your workflows to use @v5

(Optional) Migrate to npm OIDC Trusted Publishing:

Configure your package on npmjs.com to enable trusted publishing from GitHub Actions

Add id-token: write permission to your workflow job

Remove the NPM_TOKEN secret (you won't need it anymore!)

See npm's trusted publishing guide

Version History

v5 uses semantic-release v25 & Node.js v24.13.0

v4 uses semantic-release v24 & Node.js v22.18.0

v3 uses semantic-release v22 & Node.js v20.9

v2 uses semantic-release v20 & Node.js v18.7

Full Changelog

... (truncated)

Commits

6abd188 feat: upgrade deps, node, bump semantic-release to v25 (#231)
626240e ci: normalize branch name for docker pr images (#230)
ec8c36d ci: only update docker images if new release was published
1d49992 Add renovate.json (#217)
517b713 docs: update README with latest version
6c65402 Merge pull request #216 from codfish/pnpm
91fdaf1 fix: install additional packages to /action to avoid package manager issues
dc9e488 Merge pull request #215 from codfish/cod/docs-public-npm
7912744 docs: add scoped packages note to readme
66d0b11 chore: cleanup ai context
Additional commits viewable in compare view

Updates tj-actions/changed-files from 46.0.5 to 47.0.5

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.5

What's Changed

Upgraded to v47.0.4 by @github-actions[bot] in tj-actions/changed-files#2802

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2803

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2805

chore(deps-dev): bump @types/node from 25.2.2 to 25.3.2 by @dependabot[bot] in tj-actions/changed-files#2811

chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 by @dependabot[bot] in tj-actions/changed-files#2810

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in tj-actions/changed-files#2809

chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 by @dependabot[bot] in tj-actions/changed-files#2799

chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 by @dependabot[bot] in tj-actions/changed-files#2806

chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 by @dependabot[bot] in tj-actions/changed-files#2775

chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 by @dependabot[bot] in tj-actions/changed-files#2774

chore(deps): bump lodash and @types/lodash by @dependabot[bot] in tj-actions/changed-files#2807

chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 by @dependabot[bot] in tj-actions/changed-files#2764

chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 by @dependabot[bot] in tj-actions/changed-files#2815

chore(deps-dev): bump @types/node from 25.3.2 to 25.3.3 by @dependabot[bot] in tj-actions/changed-files#2814

Full Changelog: tj-actions/changed-files@v47.0.4...v47.0.5

v47.0.4

What's Changed

update: release-tagger action to version 6.0.6 by @jackton1 in tj-actions/changed-files#2801

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

v47.0.3

What's Changed

chore(deps): bump github/codeql-action from 4.31.10 to 4.32.2 by @dependabot[bot] in tj-actions/changed-files#2790

update: release-tagger action to version 6.0.0 by @jackton1 in tj-actions/changed-files#2800

Full Changelog: tj-actions/changed-files@v47.0.2...v47.0.3

v47.0.2

What's Changed

chore(deps-dev): bump eslint-plugin-jest from 29.2.1 to 29.11.0 by @dependabot[bot] in tj-actions/changed-files#2751

chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in tj-actions/changed-files#2741

chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in tj-actions/changed-files#2743

chore(deps): bump @actions/core from 2.0.0 to 2.0.2 by @dependabot[bot] in tj-actions/changed-files#2757

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2768

chore: update dist by @jackton1 in tj-actions/changed-files#2769

chore: update matrix-example.yml by @jackton1 in tj-actions/changed-files#2752

feat: add support for excluding symlinks and fix bug with commit not found by @jackton1 in tj-actions/changed-files#2770

chore(deps): bump github/codeql-action from 4.31.7 to 4.31.10 by @dependabot[bot] in tj-actions/changed-files#2761

Updated README.md by @github-actions[bot] in tj-actions/changed-files#2771

chore(deps-dev): bump eslint-plugin-jest from 29.11.0 to 29.12.1 by @dependabot[bot] in tj-actions/changed-files#2756

chore(deps-dev): bump @types/lodash from 4.17.21 to 4.17.23 by @dependabot[bot] in tj-actions/changed-files#2759

fix: Update test.yml by @jackton1 in tj-actions/changed-files#2781

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.5 - (2026-03-03)

🔄 Update

Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> (35dace0) - (github-actions[bot])

Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

deps-dev: Bump @types/node from 25.3.2 to 25.3.3 (#2814) (22103cc) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.4 to 4.32.5 (#2815) (6c02e90) - (dependabot[bot])

deps-dev: Bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764) (05f9457) - (dependabot[bot])

deps: Bump lodash and @types/lodash (#2807) (52ed872) - (dependabot[bot])

deps: Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774) (1cc5746) - (dependabot[bot])

deps-dev: Bump prettier from 3.7.4 to 3.8.1 (#2775) (de2962f) - (dependabot[bot])

deps: Bump github/codeql-action from 4.32.2 to 4.32.4 (#2806) (37e96cc) - (dependabot[bot])

deps-dev: Bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799) (2180b0f) - (dependabot[bot])

deps: Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809) (cf021c1) - (dependabot[bot])

deps: Bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810) (b54ac6f) - (dependabot[bot])

deps-dev: Bump @types/node from 25.2.2 to 25.3.2 (#2811) (0f2a510) - (dependabot[bot])

⬆️ Upgrades

Upgraded to v47.0.4 (#2802)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (b7ac303) - (github-actions[bot])

47.0.4 - (2026-02-17)

🔄 Update

Release-tagger action to version 6.0.6 (#2801) (7dee1b0) - (Tonye Jack)

47.0.3 - (2026-02-17)

🔄 Update

Release-tagger action to version 6.0.0 (#2800) (28b28f6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

deps: Bump github/codeql-action from 4.31.10 to 4.32.2 (#2790) (875e6e5) - (dependabot[bot])

... (truncated)

Commits

22103cc chore(deps-dev): bump @types/node from 25.3.2 to 25.3.3 (#2814)
6c02e90 chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#2815)
05f9457 chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764)
52ed872 chore(deps): bump lodash and @types/lodash (#2807)
1cc5746 chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774)
de2962f chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 (#2775)
37e96cc chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (#2806)
2180b0f chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799)
cf021c1 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809)
b54ac6f chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810)
Additional commits viewable in compare view

Updates lycheeverse/lychee-action from 2.4.1 to 2.8.0

Release notes

Sourced from lycheeverse/lychee-action's releases.

v2.8.0

What's Changed

Update lycheeVersion to v0.23.0 by @github-actions[bot] in lycheeverse/lychee-action#324

Update args for lychee-action to use root-dir by @mre in lycheeverse/lychee-action#314

Update test to use --root-dir instead of the deprecated --base by @mre in lycheeverse/lychee-action#315

Bump actions/checkout from 5 to 6 by @dependabot[bot] in lycheeverse/lychee-action#316

Bump actions/cache from 4 to 5 by @dependabot[bot] in lycheeverse/lychee-action#319

Bump peter-evans/create-pull-request from 7 to 8 by @dependabot[bot] in lycheeverse/lychee-action#318

Add message with Summary report URL by @atteggiani in lycheeverse/lychee-action#326

New Contributors

@atteggiani made their first contribution in lycheeverse/lychee-action#326

Full Changelog: lycheeverse/lychee-action@v2.7.0...v2.8.0

Version 2.7.0

Breaking changes

If you're using --base, you must now provide either a URL (with scheme) or an absolute local path. See lychee --help for more information. If you want to resolve root-relative links in local files, also see --root-dir.

What's Changed

Bump peter-evans/create-issue-from-file from 5 to 6 by @dependabot[bot] in lycheeverse/lychee-action#307

Upgrade checkout action from v4 to v5 by @jacobdalamb in lycheeverse/lychee-action#310

Update lycheeVersion to v0.21.0 by @github-actions[bot] in lycheeverse/lychee-action#312 See https://github.com/lycheeverse/lychee/releases/tag/lychee-v0.21.0 for the lychee changelog.

Full Changelog: lycheeverse/lychee-action@v2...v2.7.0

Version 2.6.1

What's Changed

Update lycheeVersion to v0.20.1 by @github-actions[bot] in lycheeverse/lychee-action#306, which contains a hotfix for lycheeverse/lychee-action#305.

Full Changelog: lycheeverse/lychee-action@v2...v2.6.1

Version 2.6.0

What's Changed

Update lychee version to v0.20.0 by @github-actions[bot] in lycheeverse/lychee-action#304

Bump actions/checkout from 4 to 5 by @dependabot[bot] in lycheeverse/lychee-action#303

Full Changelog: lycheeverse/lychee-action@v2...v2.6.0

Version 2.5.0

Summary

Most notably with this release the deprecated --exclude-mail flag was removed and the behavior of the --accept flag was updated. Previously, status codes such as 200 OK were always accepted. Now they are only accepted by default. This means providing the argument --accept 201 now rejects status code 200 OK.

What's Changed

Update lycheeVersion to v0.19.1 by @github-actions[bot] in lycheeverse/lychee-action#300

... (truncated)

Commits

8646ba3 Add message with Summary report URL (#326)
c6e7911 [create-pull-request] automated change
631725a Bump peter-evans/create-pull-request from 7 to 8 (#318)
942f324 Bump actions/cache from 4 to 5 (#319)
79de881 Bump actions/checkout from 5 to 6 (#316)
1ef33e2 Update test to use --root-dir instead of the deprecated --base (#315)
50a631e Update args for lychee-action to use root-dir (#314)
a8c4c7c [create-pull-request] automated change (#312)
44b353b Upgrade checkout action from v4 to v5 (#310)
e79a91b Bump peter-evans/create-issue-from-file from 5 to 6 (#307)
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Deprecate install input by @crazy-max in docker/setup-buildx-action#455

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432

Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/build-push-action from 6 to 7

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

Bump @docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Bump @docker/acti... Description has been truncated

Bumps the all-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [codfish/semantic-release-action](https://github.com/codfish/semantic-release-action) | `3` | `5` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.5` | `47.0.5` | | [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.4.1` | `2.8.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | | [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) | `5` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/stale](https://github.com/actions/stale) | `9` | `10` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v6) Updates `codfish/semantic-release-action` from 3 to 5 - [Release notes](https://github.com/codfish/semantic-release-action/releases) - [Changelog](https://github.com/codfish/semantic-release-action/blob/main/RELEASE_NOTES_V5.md) - [Commits](codfish/semantic-release-action@v3...v5) Updates `tj-actions/changed-files` from 46.0.5 to 47.0.5 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@ed68ef8...22103cc) Updates `lycheeverse/lychee-action` from 2.4.1 to 2.8.0 - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](lycheeverse/lychee-action@v2.4.1...v2.8.0) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) Updates `amannn/action-semantic-pull-request` from 5 to 6 - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](amannn/action-semantic-pull-request@v5...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `actions/stale` from 9 to 10 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v9...v10) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v7) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: codfish/semantic-release-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: tj-actions/changed-files dependency-version: 47.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: lycheeverse/lychee-action dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: amannn/action-semantic-pull-request dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>

Python (backend-api): - aiofiles 24.1.0 -> 25.1.0 - azure-ai-agents 1.2.0b3 -> 1.2.0b6 - azure-appconfiguration 1.7.1 -> 1.8.0 - azure-identity 1.24.0 -> 1.25.3 - azure-monitor-opentelemetry 1.7.0 -> 1.8.7 - azure-search-documents 11.6.0b12 -> 11.7.0b2 - azure-storage-blob 12.26.0 -> 12.28.0 - azure-storage-queue 12.13.0 -> 12.15.0 - fastapi 0.116.1 -> 0.135.3 - pydantic-settings 2.10.1 -> 2.13.1 - python-multipart 0.0.22 -> 0.0.26 - sas-cosmosdb 0.1.4 -> 0.1.5 - semantic-kernel 1.40.0 -> 1.41.1 - uvicorn 0.35.0 -> 0.42.0 - pytest 8.4.1 -> 9.0.3 - cryptography (override) 46.0.5 -> 46.0.7 Python (processor): - aiohttp 3.13.3 -> 3.13.5 - azure-ai-agents 1.2.0b3 -> 1.2.0b6 - azure-ai-projects 1.0.0b12 -> 2.0.1 - azure-appconfiguration 1.7.1 -> 1.8.0 - azure-identity 1.24.0 -> 1.25.3 - azure-storage-queue 12.13.0 -> 12.15.0 - openai 2.26.0 -> 2.30.0 - psutil 7.0.0 -> 7.2.2 - pytz 2025.2 -> 2026.1.post1 - sas-cosmosdb 0.1.4 -> 0.1.5 - semantic-kernel 1.40.0 -> 1.41.1 - cryptography (override) 46.0.5 -> 46.0.7 Python (frontend): - fastapi 0.116.1 -> 0.135.3 - uvicorn 0.35.0 -> 0.42.0 - azure-identity 1.24.0 -> 1.25.3 - python-multipart 0.0.22 -> 0.0.26 NPM (frontend): - react 18.3.1 -> 19.2.4, react-dom 18.3.1 -> 19.2.4 - @azure/msal-browser 4.2.0 -> 5.6.2 - @azure/msal-react 3.0.4 -> 5.2.0 - vite 6.0.5 -> 8.0.3, tailwindcss 3.4.17 -> 4.2.2 - axios 1.13.6 -> 1.14.0 - And 25+ more minor/patch npm upgrades GitHub Actions: - actions/checkout v4 -> v6 - docker/setup-buildx-action v3 -> v4 - docker/build-push-action v6 -> v7 - actions/setup-python v5 -> v6 - actions/stale v9 -> v10 - actions/upload-artifact v4 -> v7 - codfish/semantic-release-action v3 -> v5 - amannn/action-semantic-pull-request v5 -> v6 - lycheeverse/lychee-action v2.4.1 -> v2.8.0 - tj-actions/changed-files v46 -> v47.0.5 Addresses Dependabot PRs #166, #167, #168, #169 and individual PRs #170, #179, #183, #185, #187, #188, #189 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 1, 2026

dependabot Bot requested a review from Avijit-Microsoft as a code owner April 1, 2026 19:47

dependabot Bot added the github_actions Pull requests that update GitHub Actions code label Apr 1, 2026

dependabot Bot requested review from Dongbumlee, Prajwal-Microsoft, Roopan-Microsoft, Vinay-Microsoft, aniaroramsft, dgp10801, nchandhi, sethsteenken and toherman-msft as code owners April 1, 2026 19:47

Shreyas-Microsoft mentioned this pull request Apr 21, 2026

build: Upgrade Dependabot-recommended packages across all services #199

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build: bump the all-actions group across 1 directory with 10 updates#167

build: bump the all-actions group across 1 directory with 10 updates#167
dependabot[bot] wants to merge 1 commit intodependabotchangesfrom
dependabot/github_actions/dependabotchanges/all-actions-fdca5cc887

dependabot Bot commented on behalf of github Apr 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 1, 2026

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v5.0.0

5.0.0 (2026-02-08)

Features

BREAKING CHANGES

v5.0.0 Release Notes Draft

Breaking Changes

What Changed

Migration Steps

Version History

Full Changelog

v47.0.5

What's Changed

v47.0.4

What's Changed

v47.0.3

What's Changed

v47.0.2

What's Changed

Changelog

47.0.5 - (2026-03-03)

🔄 Update

⚙️ Miscellaneous Tasks

⬆️ Upgrades

47.0.4 - (2026-02-17)

🔄 Update

47.0.3 - (2026-02-17)

🔄 Update

⚙️ Miscellaneous Tasks

v2.8.0

What's Changed

New Contributors

Version 2.7.0

Breaking changes

What's Changed

Version 2.6.1

What's Changed

Version 2.6.0

What's Changed

Version 2.5.0

Summary

What's Changed

v4.0.0

v3.12.0

v3.11.1

v3.11.0

v3.10.0

v3.9.0

v3.8.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0