Skip to content

chore(ci): bump the actions-major group across 1 directory with 14 updates#5342

Merged
jgoux merged 1 commit into
developfrom
dependabot/github_actions/actions-major-c351d3f921
Jun 3, 2026
Merged

chore(ci): bump the actions-major group across 1 directory with 14 updates#5342
jgoux merged 1 commit into
developfrom
dependabot/github_actions/actions-major-c351d3f921

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 23, 2026
edited
Loading

Bumps the actions-major group with 14 updates in the / directory:

Package From To
actions/create-github-app-token 3.1.1 3.2.0
actions/upload-artifact 4.6.2 7.0.1
actions/download-artifact 4.3.0 8.0.1
golangci/golangci-lint-action 9.2.0 9.2.1
github/codeql-action 4.35.2 4.36.0
aws-actions/configure-aws-credentials 6.1.0 6.1.1
docker/login-action 4.1.0 4.2.0
docker/setup-buildx-action 4.0.0 4.1.0
docker/build-push-action 7.1.0 7.2.0
docker/setup-qemu-action 3.7.0 4.0.0
actions/cache 4.3.0 5.0.5
softprops/action-gh-release 2.6.1 3.0.0
supabase/setup-cli 1.7.1 2.1.1
nrwl/nx-set-shas 4.4.0 5.0.1

Updates actions/create-github-app-token from 3.1.1 to 3.2.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.2.0

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)
Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)
Commits
  • bcd2ba4 chore(main): release 3.2.0 (#370)
  • f24bbd8 fix: validate private-key input (#376)
  • 363531b docs: capitalize Git as a proper noun in README (#374)
  • fd28011 docs: update procedure to configure Git (#287)
  • 85eb8dd feat: support full repository names in repositories input (#372)
  • c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
  • e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
  • 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
  • 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
  • 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

... (truncated)

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 9.2.0 to 9.2.1

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.2.1

What's Changed

IMPORTANT: this is the first immutable release.

Changes

Dependencies

Full Changelog: golangci/golangci-lint-action@v9.2.0...v9.2.1

Commits
  • 82606bf chore: prepare release v9.2.1
  • 97c8387 chore: improve workflows (#1394)
  • 28d0a19 build(deps): bump the dependencies group across 1 directory with 2 updates
  • 633fbc7 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#1391)
  • 59f43e2 build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#1389)
  • 9eb174e build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#1386)
  • 4f52504 build(deps): bump github/codeql-action from 4 to 4.35.2 (#1384)
  • 6f87dfd docs: update examples
  • c9500d7 chore: improve workflows
  • 03b1faa chore: improve issue templates
  • Additional commits viewable in compare view

Updates github/codeql-action from 4.35.2 to 4.36.0

Release notes

Sourced from github/codeql-action's releases.

v4.36.0

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

v4.35.5

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

v4.35.4

  • Update default CodeQL bundle version to 2.25.4. #3881

v4.35.3

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.36.0 - 22 May 2026

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

  • Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar 2026

... (truncated)

Commits
  • 7211b7c Merge pull request #3927 from github/update-v4.36.0-ebc2d9e2b
  • 7740f2f Update changelog for v4.36.0
  • ebc2d9e Merge pull request #3926 from github/update-bundle/codeql-bundle-v2.25.5
  • d1f74b7 Add changelog note
  • 2dc40ce Update default bundle to codeql-bundle-v2.25.5
  • 8449852 Merge pull request #3910 from github/henrymercer/repo-size-diff-check
  • 72ac23c Update excluded required check list
  • c5297a2 Merge pull request #3919 from github/henrymercer/workflow-concurrency
  • 8ffeae7 CI: Automatically cancel non-generated workflows
  • f3f52bf Revert getErrorMessage import
  • Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 6.1.0 to 6.1.1

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.1.1

What's Changed

Full Changelog: aws-actions/configure-aws-credentials@v6...v6.1.1

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.1.2 (2026-05-26)

Features

Bug Fixes

  • additional filesystem checks (#1799) (c39f282)
  • skip credential check on output-env-credentials: false (#1778) (58e7c47)

6.1.1 (2026-05-05)

Miscellaneous Chores

  • various dependency updates

6.1.0 (2026-04-06)

Features

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

... (truncated)

Commits
  • d979d5b chore: release 6.1.1 (#1757)
  • d4a9acd chore: Update dist
  • fc44f4a chore(deps): bump @​aws-sdk/client-sts from 3.1033.0 to 3.1038.0 (#1749)
  • 0b8336f chore: Update dist
  • 8c5bf33 chore(deps-dev): bump @​aws-sdk/credential-provider-env (#1751)
  • 53df0c1 chore: Update dist
  • c2c5582 chore(deps): bump @​smithy/node-http-handler from 4.6.0 to 4.6.1 (#1750)
  • bd0031d chore(deps): bump postcss from 8.5.6 to 8.5.12 (#1752)
  • 6ab499a chore(deps-dev): bump @​biomejs/biome from 2.4.12 to 2.4.13 (#1747)
  • bc94895 chore(deps-dev): bump @​biomejs/biome from 2.4.11 to 2.4.12 (#1739)
  • Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits
  • 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 99df1a3 chore: update generated content
  • 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • 39d8580 Merge pull request #970 f...

    Description has been truncated

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 23, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 23, 2026 00:06
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 23, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-major-c351d3f921 branch 4 times, most recently from 1237c1f to 67ebb88 Compare May 29, 2026 00:22
@dependabot dependabot Bot changed the title chore(deps): bump the actions-major group across 1 directory with 14 updates fix(deps): bump the actions-major group across 1 directory with 14 updates May 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-major-c351d3f921 branch 7 times, most recently from b3455ae to 6449777 Compare May 30, 2026 01:07
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-major-c351d3f921 branch 2 times, most recently from b4291eb to b16b168 Compare June 1, 2026 00:12
@jgoux jgoux force-pushed the dependabot/github_actions/actions-major-c351d3f921 branch from 59bc37e to 11a71c4 Compare June 3, 2026 11:04
@jgoux jgoux force-pushed the dependabot/github_actions/actions-major-c351d3f921 branch from 11a71c4 to 6aaa090 Compare June 3, 2026 11:05
@jgoux jgoux merged commit db543b4 into develop Jun 3, 2026
10 of 11 checks passed
@jgoux jgoux deleted the dependabot/github_actions/actions-major-c351d3f921 branch June 3, 2026 11:12
@jgoux jgoux changed the title fix(deps): bump the actions-major group across 1 directory with 14 updates chore(ci): bump the actions-major group across 1 directory with 14 updates Jun 3, 2026
@supabase-cli-releaser supabase-cli-releaser Bot mentioned this pull request Jun 4, 2026
Merged
jgoux added a commit that referenced this pull request Jun 4, 2026
@supabase-cli-releaser @jgoux
@Coly010 @7ttp @dependabot @Versa-Sync-Studios @avallete @claude
chore: production deploy (#5471)
310e453 
- **chore: sync API types from infrastructure (#5417)**
- **fix(cli): read Go Windows credentials in legacy TS (#5418)**
- **fix(ci): pass release channel to PR smoke workflow (#5419)**
- **fix(cli): enable vector buckets by default (#5421)**
- **fix(cli): bind a free port for edge-runtime diff containers
(#5424)**
- **ci(cli): publish pkg.pr.new previews after preview builds (#5420)**
- **feat(ci): notify Slack on release failures regardless of channel
(#5425)**
- **feat(cli): port telemetry  (#5422)**
- **docs(cli): modernize README and add installer (#5428)**
- **fix(docker): check Supabase image updates hourly (#5429)**
- **ci(cli): publish pkg.pr.new previews on pull requests (#5427)**
- **fix(docker): restore daily Dependabot schedule (#5430)**
- **fix(docker): bump the docker-minor group in
/apps/cli-go/pkg/config/templates with 5 updates (#5431)**
- **fix(cli): read Go Windows credentials via findCredentials (#5423)**
- **chore: sync API types from infrastructure (#5434)**
- **chore(ci): update Dependabot Go module paths (#5435)**
- **ci(release): use app token for release tag pushes (#5432)**
- **fix(deps): bump the go-minor group across 2 directories with 7
updates (#5437)**
- **fix(docker): bump the docker-minor group in
/apps/cli-go/pkg/config/templates with 2 updates (#5436)**
- **feat(cli): port link and unlink commands to native TypeScript
(#5426)**
- **feat(cli): port init (#5433)**
- **ci(release): use app token checkout for release pushes (#5439)**
- **fix(deps): bump the actions-major group across 1 directory with 14
updates (#5342)**
- **fix(docker): bump supabase/studio from 2026.06.01-sha-a4334a2 to
2026.06.03-sha-0bca601 in /apps/cli-go/pkg/config/templates in the
docker-minor group (#5441)**
- **chore(ci): add CLI preview PR comment (#5440)**
- **chore(ci): bump the actions-major group with 2 updates (#5443)**
- **chore(ci): use non-releasing actions dependabot prefix (#5442)**
- **fix(cli): inject S3 and sb key env variables into Studio (#5438)**
- **ci(preview): allow preview package PR comment (#5444)**
- **chore(release): add LLM release-notes prompt and approval-based
publish pipeline (#5330)**
- **chore(ci): fix propose release workflow dispatch (#5447)**
- **chore(ci): update workflows to skip CI for release-notes PRs
(#5455)**
- **feat(cli): port login and logout commands to native TypeScript
(#5446)**
- **chore(ci): bump aws-actions/configure-aws-credentials from 6.1.2 to
6.1.3 in the actions-major group (#5463)**
- **fix(docker): bump supabase/realtime from v2.103.1 to v2.103.2 in
/apps/cli-go/pkg/config/templates in the docker-minor group (#5464)**
- **fix(cli): persist legacy telemetry opt-out (#5465)**
- **fix(cli): restore Go debug output parity (#5467)**

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: supabase-cli-releaser[bot] <246109035+supabase-cli-releaser[bot]@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev>
Co-authored-by: Colum Ferry <cferry09@gmail.com>
Co-authored-by: Vaibhav <117663341+7ttp@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: VERSA SYNC STUDIOS <206948228+Versa-Sync-Studios@users.noreply.github.com>
Co-authored-by: Andrew Valleteau <avallete@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
@supabase-cli-releaser supabase-cli-releaser Bot mentioned this pull request Jun 4, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jgoux jgoux jgoux approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jgoux