Skip to content

build(deps): bump the github-actions group across 1 directory with 5 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-a64c52b5d6
Open

build(deps): bump the github-actions group across 1 directory with 5 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-a64c52b5d6

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps the github-actions group with 5 updates in the / directory:

Package From To
actions/checkout 5 6
dependabot/fetch-metadata 2 3
actions/download-artifact 4 8
actions/setup-node 5 6
slackapi/slack-github-action 2 3

Updates actions/checkout from 5 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates dependabot/fetch-metadata from 2 to 3

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

New Contributors

Full Changelog: dependabot/fetch-metadata@v2...v3.0.0

v2.5.0

What's Changed

... (truncated)

Commits
  • 25dd0e3 v3.1.0 (#692)
  • e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
  • 0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
  • 7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
  • 5168191 Updating dist build
  • 23882e1 build(deps): bump @​actions/github in the dependencies group
  • 1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
  • 43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
  • b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
  • c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
  • Additional commits viewable in compare view

Updates actions/download-artifact from 4 to 8

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

... (truncated)

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

Updates actions/setup-node from 5 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

Commits

Updates slackapi/slack-github-action from 2 to 3

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.0

The @v3.0.0 release had a hiccup on publish and we recommend using @​v3.0.1 or a more recent version when updating! Oops!

🎽 Running Slack CLI commands and the active Node runtime, both included in this release 👟 ✨

⚠️ Breaking change: Node.js 24 the runtime

This major version updates the GitHub Actions required runtime to Node.js 24. Most GitHub-hosted runners already include this, but self-hosted runners may need to be updated ahead of planned deprecations of Node 20 on GitHub Actions runners.

📺 Enhancement: Run Slack CLI commands

This release introduces a new technique for running Slack CLI commands directly in GitHub Actions workflows. Use this to install the latest version (or a specific one) of the CLI and execute commands like deploy for merges to main, manifest validate with tests, and other commands.

Gather a token using the following CLI command to store with repo secrets, then get started with an example below:

$ slack auth token

🧪 Validate an app manifest on pull requests

Check that your app manifest is valid before merging changes:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/validate-a-manifest

- name: Validate the manifest
  uses: slackapi/slack-github-action/cli@v3.0.0
  with:
    command: "manifest validate --app ${{ vars.SLACK_APP_ID }}"
    token: ${{ secrets.SLACK_SERVICE_TOKEN }}

🚀 Deploy your app on push to main

Automate deployments whenever changes land on your main branch:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/deploy-an-app

- name: Deploy the app
  uses: slackapi/slack-github-action/cli@v3.0.0
  with:
    command: "deploy --app ${{ vars.SLACK_APP_ID }} --force"
    token: ${{ secrets.SLACK_SERVICE_TOKEN }}

Any Slack CLI command can be passed through the command option without the "slack" prefix 🍀

The token input accepts a service token for authentication. You can gather this token by running slack auth token with the Slack CLI and storing the value as a repository secret.

... (truncated)

Changelog

Sourced from slackapi/slack-github-action's changelog.

slack-github-action

3.0.2

Patch Changes

  • 79529d7: fix: resolve url.parse deprecation warning for webhook techniques
Commits
  • 03ea543 chore: release
  • 90fee45 chore: release (#593)
  • b0fbce7 ci: send release announcements on publish (#594)
  • 0b9c067 build: automate release packaging and version bumps with changesets (#592)
  • dd817b0 docs: update broken hyperlinks to docs (#591)
  • 7ce931d docs: streamlines doc structure (#590)
  • 093434f build(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#589)
  • 1f09fc7 build(deps-dev): bump typescript from 5.9.3 to 6.0.2 (#584)
  • 79529d7 build(deps): bump axios from 1.14.0 to 1.15.0 (#588)
  • 4414b7f build(deps): bump codecov/codecov-action from 5.5.2 to 6.0.0 (#581)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 30, 2026
@dependabot
build(deps): bump the github-actions group across 1 directory with 5 …
cf240fd 
…updates

Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5` | `6` |
| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2` | `3` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` |
| [actions/setup-node](https://github.com/actions/setup-node) | `5` | `6` |
| [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `2` | `3` |



Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v5...v6)

Updates `dependabot/fetch-metadata` from 2 to 3
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@v2...v3)

Updates `actions/download-artifact` from 4 to 8
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v8)

Updates `actions/setup-node` from 5 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v5...v6)

Updates `slackapi/slack-github-action` from 2 to 3
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](slackapi/slack-github-action@v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: dependabot/fetch-metadata
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: slackapi/slack-github-action
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump the github-actions group with 5 updates build(deps): bump the github-actions group across 1 directory with 5 updates Apr 30, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-a64c52b5d6 branch from 83bd13a to cf240fd Compare April 30, 2026 05:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants