chore(deps): bump codecov/codecov-action from 4 to 5 #8

dependabot · 2025-11-06T12:56:11Z

Bumps codecov/codecov-action from 4 to 5.

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

file (this has been deprecated in favor of files)

plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

binary

gcov_args

gcov_executable

gcov_ignore

gcov_include

report_type

skip_validation

swift_project

You can see their usage in the action.yml file.

What's Changed

chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in codecov/codecov-action#1591

build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in codecov/codecov-action#1595

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in codecov/codecov-action#1604

build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1601

build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in codecov/codecov-action#1597

build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in codecov/codecov-action#1596

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1600

build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in codecov/codecov-action#1598

build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in codecov/codecov-action#1609

build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in codecov/codecov-action#1608

build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in codecov/codecov-action#1607

build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1612

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1611

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1615

build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in codecov/codecov-action#1618

build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in codecov/codecov-action#1617

build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1614

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1620

build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1619

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in codecov/codecov-action#1622

build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in codecov/codecov-action#1625

build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in codecov/codecov-action#1624

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in codecov/codecov-action#1626

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in codecov/codecov-action#1629

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

file (this has been deprecated in favor of files)

plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

binary

gcov_args

gcov_executable

gcov_ignore

gcov_include

report_type

skip_validation

swift_project

You can see their usage in the action.yml file.

What's Changed

chore(deps): bump to eslint9+ and remove eslint-config-google by @thomasrockhu-codecov in codecov/codecov-action#1591

build(deps-dev): bump @octokit/webhooks-types from 7.5.1 to 7.6.1 by @dependabot in codecov/codecov-action#1595

build(deps-dev): bump typescript from 5.6.2 to 5.6.3 by @dependabot in codecov/codecov-action#1604

build(deps-dev): bump @typescript-eslint/parser from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1601

build(deps): bump @actions/core from 1.11.0 to 1.11.1 by @dependabot in codecov/codecov-action#1597

build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in codecov/codecov-action#1596

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.0 to 8.8.1 by @dependabot in codecov/codecov-action#1600

build(deps-dev): bump eslint from 9.11.1 to 9.12.0 by @dependabot in codecov/codecov-action#1598

build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in codecov/codecov-action#1609

build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in codecov/codecov-action#1608

build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in codecov/codecov-action#1607

build(deps-dev): bump @typescript-eslint/parser from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1612

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.8.1 to 8.9.0 by @dependabot in codecov/codecov-action#1611

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1615

build(deps-dev): bump eslint from 9.12.0 to 9.13.0 by @dependabot in codecov/codecov-action#1618

build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in codecov/codecov-action#1617

build(deps-dev): bump @typescript-eslint/parser from 8.9.0 to 8.10.0 by @dependabot in codecov/codecov-action#1614

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1620

build(deps-dev): bump @typescript-eslint/parser from 8.10.0 to 8.11.0 by @dependabot in codecov/codecov-action#1619

build(deps-dev): bump @types/jest from 29.5.13 to 29.5.14 by @dependabot in codecov/codecov-action#1622

build(deps): bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in codecov/codecov-action#1625

build(deps): bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in codecov/codecov-action#1624

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.11.0 to 8.12.1 by @dependabot in codecov/codecov-action#1626

build(deps-dev): bump @typescript-eslint/eslint-plugin from 8.12.1 to 8.12.2 by @dependabot in codecov/codecov-action#1629

build(deps-dev): bump @typescript-eslint/parser from 8.11.0 to 8.12.2 by @dependabot in codecov/codecov-action#1628

... (truncated)

Commits

5a10915 chore(release): 5.5.1 (#1873)
3e0ce21 fix: overwrite pr number on fork (#1871)
c4741c8 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1868)
17370e8 build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (#1867)
18fdacf fix: update to use local app/ dir (#1872)
206148c docs: fix typo in README (#1866)
3cb13a1 Document a codecov-cli version reference example (#1774)
a4803c1 build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 (#1861)
3139621 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#1833)
fdcc847 chore(release): 5.5.0 (#1865)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Update CI to use codecov/codecov-action v5 and switch upload input from file to files.

CI/CD:
- Codecov Upload: Bump codecov/codecov-action to v5 and replace with.file with with.files in .github/workflows/run-tests.yml.

^{Written by Cursor Bugbot for commit 45bef88. This will update automatically on new commits. Configure here.}

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4...v5) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2025-11-06T12:56:12Z

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…ile'

* chore(deps): bump python-json-logger from 2.0.7 to 3.3.0 (#13) * chore(deps): bump python-json-logger from 2.0.7 to 3.3.0 Bumps [python-json-logger](https://github.com/nhairs/python-json-logger) from 2.0.7 to 3.3.0. - [Release notes](https://github.com/nhairs/python-json-logger/releases) - [Changelog](https://github.com/nhairs/python-json-logger/blob/main/docs/changelog.md) - [Commits](nhairs/python-json-logger@v2.0.7...v3.3.0) --- updated-dependencies: - dependency-name: python-json-logger dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: handle ImportError for pythonjsonlogger gracefully --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: aviadlevy <aviad@ox.security> * Remove specific labels from dependabot.yml Removed 'github-actions' and 'python' labels from Dependabot configuration. * chore(deps): bump actions/setup-python from 5 to 6 (#10) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump actions/checkout from 4 to 5 (#9) Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump codecov/codecov-action from 4 to 5 (#8) * chore(deps): bump codecov/codecov-action from 4 to 5 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4...v5) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * fix: update codecov action configuration to use 'files' instead of 'file' --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: aviadlevy <aviad@ox.security> * chore(deps-dev): bump pytest-cov from 4.1.0 to 7.0.0 (#14) Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 4.1.0 to 7.0.0. - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v4.1.0...v7.0.0) --- updated-dependencies: - dependency-name: pytest-cov dependency-version: 7.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump pytest from 7.4.4 to 9.0.0 (#17) Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 9.0.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst) - [Commits](pytest-dev/pytest@7.4.4...9.0.0) --- updated-dependencies: - dependency-name: pytest dependency-version: 9.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump ruff from 0.1.15 to 0.14.4 (#18) Bumps [ruff](https://github.com/astral-sh/ruff) from 0.1.15 to 0.14.4. - [Release notes](https://github.com/astral-sh/ruff/releases) - [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md) - [Commits](astral-sh/ruff@v0.1.15...0.14.4) --- updated-dependencies: - dependency-name: ruff dependency-version: 0.14.4 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps-dev): bump pre-commit from 3.8.0 to 4.4.0 (#19) Bumps [pre-commit](https://github.com/pre-commit/pre-commit) from 3.8.0 to 4.4.0. - [Release notes](https://github.com/pre-commit/pre-commit/releases) - [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md) - [Commits](pre-commit/pre-commit@v3.8.0...v4.4.0) --- updated-dependencies: - dependency-name: pre-commit dependency-version: 4.4.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

fix: update codecov action configuration to use 'files' instead of 'f…

45bef88

…ile'

aviadlevy merged commit 92ffee6 into main Nov 9, 2025
8 checks passed

dependabot bot deleted the dependabot/github_actions/codecov/codecov-action-5 branch November 9, 2025 07:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump codecov/codecov-action from 4 to 5 #8

chore(deps): bump codecov/codecov-action from 4 to 5 #8

Uh oh!

dependabot bot commented on behalf of github Nov 6, 2025 •

edited by cursor bot

Loading

Uh oh!

dependabot bot commented on behalf of github Nov 6, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): bump codecov/codecov-action from 4 to 5 #8

chore(deps): bump codecov/codecov-action from 4 to 5 #8

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 6, 2025 • edited by cursor bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.0

v5 Release

Migration Guide

What's Changed

v5 Release

Migration Guide

What's Changed

Uh oh!

dependabot bot commented on behalf of github Nov 6, 2025

Labels

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

dependabot bot commented on behalf of github Nov 6, 2025 •

edited by cursor bot

Loading