[#patch](deps): Bump the actions-deps group with 8 updates #255

dependabot · 2025-09-07T10:26:48Z

Bumps the actions-deps group with 8 updates:

Package	From	To
aquasecurity/trivy-action	`0.33.0`	`0.33.1`
reviewdog/action-setup	`1.3.2`	`1.4.0`
actions/setup-go	`5.5.0`	`6.0.0`
reviewdog/action-actionlint	`1.66.1`	`1.67.0`
actions/setup-python	`5.6.0`	`6.0.0`
aws-actions/configure-aws-credentials	`4.3.1`	`5.0.0`
reviewdog/action-tflint	`1.24.2`	`1.25.0`
actions/github-script	`7.0.1`	`8.0.0`

Updates aquasecurity/trivy-action from 0.33.0 to 0.33.1

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.33.1

What's Changed

Update setup-trivy action to version v0.2.4 by @martincostello in aquasecurity/trivy-action#486

Full Changelog: aquasecurity/trivy-action@0.33.0...0.33.1

Commits

b6643a2 Update setup-trivy action to version v0.2.4 (#486)
See full diff in compare view

Updates reviewdog/action-setup from 1.3.2 to 1.4.0

Release notes

Sourced from reviewdog/action-setup's releases.

Release v1.4.0

What's Changed

chore(deps): update haya14busa/action-depup action to v1.6.4 by @renovate[bot] in reviewdog/action-setup#52

Pin reviewdog/action-setup version in README by @haya14busa in reviewdog/action-setup#55

chore(deps): update reviewdog/action-actionlint action to v1.65.1 by @renovate[bot] in reviewdog/action-setup#53

chore(deps): update reviewdog/action-actionlint action to v1.65.2 by @renovate[bot] in reviewdog/action-setup#56

chore(deps): update reviewdog/action-alex action to v1.15.4 by @renovate[bot] in reviewdog/action-setup#57

chore(deps): update reviewdog/action-alex action to v1.16.0 by @renovate[bot] in reviewdog/action-setup#59

chore(deps): update reviewdog/action-misspell action to v1.26.3 by @renovate[bot] in reviewdog/action-setup#58

chore(deps): update reviewdog/action-shellcheck action to v1.30.0 by @renovate[bot] in reviewdog/action-setup#60

Update install scripts with binst by @haya14busa in reviewdog/action-setup#71

Full Changelog: reviewdog/action-setup@v1.3.2...v1.4.0

Commits

d8edfce Merge pull request #71 from reviewdog/update-installer-script
71ad8e7 Update install scripts with binst
60c4a83 Merge pull request #60 from reviewdog/renovate/reviewdog-action-shellcheck-1.x
604f51e chore(deps): update reviewdog/action-shellcheck action to v1.30.0
b6eb1e5 Merge pull request #58 from reviewdog/renovate/reviewdog-action-misspell-1.x
d0b3fd7 Merge pull request #59 from reviewdog/renovate/reviewdog-action-alex-1.x
284e2a8 chore(deps): update reviewdog/action-alex action to v1.16.0
bdb16ab chore(deps): update reviewdog/action-misspell action to v1.26.3
8854ffa Merge pull request #57 from reviewdog/renovate/reviewdog-action-alex-1.x
e343bce Merge pull request #56 from reviewdog/renovate/reviewdog-action-actionlint-1.x
Additional commits viewable in compare view

Updates actions/setup-go from 5.5.0 to 6.0.0

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in actions/setup-go#460

Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/setup-go#589

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-go#591

Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in actions/setup-go#590

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-go#594

Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in actions/setup-go#538

Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in actions/setup-go#603

Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in actions/setup-go#618

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-go#631

New Contributors

@matthewhughes934 made their first contribution in actions/setup-go#618

@salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

Commits

4469467 Bump actions/checkout from 4 to 5 (#631)
e093d1e Node 24 upgrade (#624)
1d76b95 Improve toolchain handling (#460)
e75c3e8 Bump form-data to bring in fix for critical vulnerability (#618)
8e57b58 Bump eslint-plugin-jest from 28.11.0 to 29.0.1 (#603)
7c0b336 Bump typescript from 5.4.2 to 5.8.3 (#538)
6f26dcc Bump undici from 5.28.5 to 5.29.0 (#594)
8d4083a Bump @typescript-eslint/parser from 5.62.0 to 8.32.0 (#590)
fa96338 Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#591)
4de67c0 Bump @types/jest from 29.5.12 to 29.5.14 (#589)
See full diff in compare view

Updates reviewdog/action-actionlint from 1.66.1 to 1.67.0

Release notes

Sourced from reviewdog/action-actionlint's releases.

Release v1.67.0

v1.67.0: PR #172 - chore(deps): update reviewdog to 0.21.0

Commits

95395aa bump v1.67.0
af47a90 Merge branch 'main' into releases/v1
93dc1f9 Merge pull request #172 from reviewdog/depup/reviewdog
37d6325 chore(deps): update reviewdog to 0.21.0
See full diff in compare view

Updates actions/setup-python from 5.6.0 to 6.0.0

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

Commits

e797f83 Upgrade to node 24 (#1164)
3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
5b668cf Bump actions/checkout from 4 to 5 (#1181)
f62a0e2 Change missing cache directory error to warning (#1182)
9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
36da51d Add version parsing from Pipfile (#1067)
3c6f142 update documentation (#1156)
Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 4.3.1 to 5.0.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)

support account id allowlist (#1456) (c4be498)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

Cleanup input handling. Changes invalid boolean input behavior (see #1445) (74b3e27)

support account id allowlist (#1456) (c4be498)

4.3.1 (2025-08-04)

Bug Fixes

update readme to 4.3.1 (#1424) (be2e7ad)

4.3.0 (2025-08-04)

Features

depenency update and feature cleanup (#1414) (59489ba), closes #1062 #1191

Optional environment variable output (c3b3ce6)

Bug Fixes

docs: readme samples versioning (5b3c895)

the wrong example region for China partition in README (37fe9a7)

properly set proxy environment variable (cbea708)

Miscellaneous Chores

release 4.3.0 (3f7c218)

4.2.1 (2025-05-14)

Bug Fixes

ensure explicit inputs take precedence over environment variables (e56e6c4)

... (truncated)

Commits

a03048d chore(main): release 5.0.0 (#1451)
337f510 chore: Fix markdown link formatting in README.md (#1466)
f001d79 chore: update README with versioning (#1465)
cf5f2ac chore: Update dist
b394bdd chore(deps-dev): bump @aws-sdk/credential-provider-env (#1463)
b632c0b chore(deps-dev): bump memfs from 4.38.1 to 4.38.2 (#1462)
978e44a chore: Update dist
c4be498 feat: support account id allowlist (#1456)
c5a43c3 chore: Update dist
8c45f6b feat: add skip OIDC option (#1458)
Additional commits viewable in compare view

Updates reviewdog/action-tflint from 1.24.2 to 1.25.0

Release notes

Sourced from reviewdog/action-tflint's releases.

Release v1.25.0

What's Changed

chore(deps): update reviewdog/action-misspell action to v1.26.2 by @renovate[bot] in reviewdog/action-tflint#105

chore(deps): update reviewdog/action-depup action to v1.6.4 by @renovate[bot] in reviewdog/action-tflint#104

chore(deps): update reviewdog/action-misspell action to v1.26.3 by @renovate[bot] in reviewdog/action-tflint#106

README: Pin GitHub Actions with commit SHA using pinact by @haya14busa in reviewdog/action-tflint#108

chore(deps): update reviewdog/reviewdog to 0.21.0 by @github-actions[bot] in reviewdog/action-tflint#101

Full Changelog: reviewdog/action-tflint@v1.24.2...v1.25.0

Commits

54a5e5a chore(deps): update reviewdog/reviewdog to 0.21.0 (#101)
92ecd5b README: Pin GitHub Actions with commit SHA using pinact (#108)
4e022bb chore(deps): update reviewdog/action-misspell action to v1.26.3 (#106)
1848510 chore(deps): update reviewdog/action-depup action to v1.6.4 (#104)
f1101e4 chore(deps): update reviewdog/action-misspell action to v1.26.2 (#105)
See full diff in compare view

Updates actions/github-script from 7.0.1 to 8.0.0

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

Update Node.js version support to 24.x by @salmanmkc in actions/github-script#637

README for updating actions/github-script from v7 to v8 by @sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

@salmanmkc made their first contribution in actions/github-script#637

@sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

Upgrade husky to v9 by @benelan in actions/github-script#482

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/github-script#485

Upgrade IA Publish by @Jcambass in actions/github-script#486

Fix workflow status badges by @joshmgross in actions/github-script#497

Update usage of actions/upload-artifact by @joshmgross in actions/github-script#512

Clear up package name confusion by @joshmgross in actions/github-script#514

Update dependencies with npm audit fix by @joshmgross in actions/github-script#515

Specify that the used script is JavaScript by @timotk in actions/github-script#478

chore: Add Dependabot for NPM and Actions by @nschonni in actions/github-script#472

Define permissions in workflows and update actions by @joshmgross in actions/github-script#531

chore: Add Dependabot for .github/actions/install-dependencies by @nschonni in actions/github-script#532

chore: Remove .vscode settings by @nschonni in actions/github-script#533

ci: Use github/setup-licensed by @nschonni in actions/github-script#473

make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @iamstarkov in actions/github-script#508

Remove octokit README updates for v7 by @joshmgross in actions/github-script#557

docs: add "exec" usage examples by @neilime in actions/github-script#546

Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @dependabot[bot] in actions/github-script#563

Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @dependabot[bot] in actions/github-script#575

Clearly document passing inputs to the script by @joshmgross in actions/github-script#603

Update README.md by @nebuk89 in actions/github-script#610

New Contributors

@benelan made their first contribution in actions/github-script#482

@Jcambass made their first contribution in actions/github-script#485

@timotk made their first contribution in actions/github-script#478

@iamstarkov made their first contribution in actions/github-script#508

@neilime made their first contribution in actions/github-script#546

@nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

Commits

ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
2dc352e Bold minimum Actions Runner version in README
01e118c Update README for Node 24 runtime requirements
8b222ac Apply suggestion from @salmanmkc
adc0eea README for updating actions/github-script from v7 to v8
20fe497 Merge pull request #637 from actions/node24
e7b7f22 update licenses
2c81ba0 Update Node.js version support to 24.x
f28e40c Merge pull request #610 from actions/nebuk89-patch-1
1ae9958 Update README.md
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions-deps group with 8 updates: | Package | From | To | | --- | --- | --- | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.33.0` | `0.33.1` | | [reviewdog/action-setup](https://github.com/reviewdog/action-setup) | `1.3.2` | `1.4.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.0.0` | | [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.66.1` | `1.67.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.0.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.3.1` | `5.0.0` | | [reviewdog/action-tflint](https://github.com/reviewdog/action-tflint) | `1.24.2` | `1.25.0` | | [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `8.0.0` | Updates `aquasecurity/trivy-action` from 0.33.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@f9424c1...b6643a2) Updates `reviewdog/action-setup` from 1.3.2 to 1.4.0 - [Release notes](https://github.com/reviewdog/action-setup/releases) - [Commits](reviewdog/action-setup@e04ffab...d8edfce) Updates `actions/setup-go` from 5.5.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@d35c59a...4469467) Updates `reviewdog/action-actionlint` from 1.66.1 to 1.67.0 - [Release notes](https://github.com/reviewdog/action-actionlint/releases) - [Commits](reviewdog/action-actionlint@e37e2ca...95395aa) Updates `actions/setup-python` from 5.6.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...e797f83) Updates `aws-actions/configure-aws-credentials` from 4.3.1 to 5.0.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@7474bc4...a03048d) Updates `reviewdog/action-tflint` from 1.24.2 to 1.25.0 - [Release notes](https://github.com/reviewdog/action-tflint/releases) - [Commits](reviewdog/action-tflint@41b4770...54a5e5a) Updates `actions/github-script` from 7.0.1 to 8.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@60a0d83...ed59741) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: reviewdog/action-setup dependency-version: 1.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/setup-go dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: reviewdog/action-actionlint dependency-version: 1.67.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: aws-actions/configure-aws-credentials dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps - dependency-name: reviewdog/action-tflint dependency-version: 1.25.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2025-09-07T10:27:40Z

KICS version: v2.1.13

	Category	Results
	CRITICAL	0
	HIGH	0
	MEDIUM	0
	LOW	0
	INFO	0
	TRACE	0
	TOTAL	0

Metric	Values
Files scanned	14
Files parsed	14
Files failed to scan	0
Total executed queries	52
Queries failed to execute	0
Execution time	1

Queries Results

\| \|

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 7, 2025

dependabot bot requested a review from notdodo as a code owner September 7, 2025 10:26

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 7, 2025

notdodo approved these changes Sep 7, 2025

View reviewed changes

notdodo merged commit 70aa912 into main Sep 7, 2025
7 checks passed

notdodo deleted the dependabot/github_actions/actions-deps-145aa2cf49 branch September 7, 2025 10:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[#patch](deps): Bump the actions-deps group with 8 updates #255

[#patch](deps): Bump the actions-deps group with 8 updates #255

Uh oh!

dependabot bot commented on behalf of github Sep 7, 2025

Uh oh!

github-actions bot commented Sep 7, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[#patch](deps): Bump the actions-deps group with 8 updates #255

[#patch](deps): Bump the actions-deps group with 8 updates #255

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 7, 2025

v0.33.1

What's Changed

Release v1.4.0

What's Changed

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

Release v1.67.0

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

Changelog

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

4.3.1 (2025-08-04)

Bug Fixes

4.3.0 (2025-08-04)

Features

Bug Fixes

Miscellaneous Chores

4.2.1 (2025-05-14)

Bug Fixes

Release v1.25.0

What's Changed

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

New Contributors

v7.1.0

What's Changed

New Contributors

Uh oh!

github-actions bot commented Sep 7, 2025

Queries Results

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants