Bump the dependencies group with 12 updates

[dependabot]

Bumps the dependencies group with 12 updates:

Package	From	To
actions/checkout	3	4
trunk-io/trunk-action	1.1.9	1.1.10
github/codeql-action	2.22.5	3.24.5
actions/cache	3.3.2	4.0.0
WyriHaximus/github-action-get-previous-tag	1.3.0	1.4.0
actions/upload-artifact	3.1.3	4.3.1
dorny/paths-filter	2.11.1	3.0.1
actions/setup-node	3.8.2	4.0.2
tibdex/github-app-token	1	2
actions/download-artifact	3.0.2	4.1.2
slackapi/slack-github-action	1.24.0	1.25.0
peter-evans/create-pull-request	5	6

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

• Update default runtime to node20 by @​takost in actions/checkout#1436
• Support fetching without the --progress option by @​simonbaird in actions/checkout#1067
• Release 4.0.0 by @​takost in actions/checkout#1447

New Contributors

• @​takost made their first contribution in actions/checkout#1436
• @​simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

• Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @​megamanics in actions/checkout#1196
• Fix typos found by codespell by @​DimitriPapadopoulos in actions/checkout#1287
• Add support for sparse checkouts by @​dscho and @​dfdez in actions/checkout#1369
• Release v3.5.3 by @​TingluoHuang in actions/checkout#1376

New Contributors

• @​megamanics made their first contribution in actions/checkout#1196
• @​DimitriPapadopoulos made their first contribution in actions/checkout#1287
• @​dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

• Fix: Use correct API url / endpoint in GHES by @​fhammerl in actions/checkout#1289 based on #1286 by @​1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

• Improve checkout performance on Windows runners by upgrading @​actions/github dependency by @​BrettDong in actions/checkout#1246

New Contributors

• @​BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Commits

• b4ffde6 Link to release page from what's new section (#1514)
• 8530928 Correct link to GitHub Docs (#1511)
• 7cdaf2f Update CODEOWNERS to Launch team (#1510)
• 8ade135 Prepare 4.1.0 release (#1496)
• c533a0a Add support for partial checkout filters (#1396)
• 72f2cec Update README.md for V4 (#1452)
• 3df4ab1 Release 4.0.0 (#1447)
• 8b5e8b7 Support fetching without the --progress option (#1067)
• 97a652b Update default runtime to node20 (#1436)
• See full diff in compare view

Updates trunk-io/trunk-action from 1.1.9 to 1.1.10

Release notes

Sourced from trunk-io/trunk-action's releases.

v1.1.10

What's Changed

• Adds lowercase-title option to the upgrade action. (#218)

Full Changelog: trunk-io/trunk-action@v1.1.9...v1.1.10

Commits

• 6522858 feat: add 'lowercase-title' option to upgrade action (#218)
• 34242ec Upgrade trunk to 1.19.0 (#217)
• 78986c8 Upgrade trunk (#216)
• 5c85d2a Upgrade trunk to 1.18.1 (#215)
• 057aaa4 Upgrade trunk to 1.18.0 (#214)
• c4b725d Upgrade trunk (#213)
• cf57c92 Upgrade trunk to 1.17.2 (#212)
• e92f97f chore: migrate test runners to new CI cluster (#210)
• 3e6816d Upgrade trunk to 1.17.1 (#208)
• ee21f62 chore(deps): update github/codeql-action action to v2.22.4 (#207)
• Additional commits viewable in compare view

Updates github/codeql-action from 2.22.5 to 3.24.5

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.24.5 - 23 Feb 2024

• Update default CodeQL bundle version to 2.16.3. #2156

3.24.4 - 21 Feb 2024

• Fix an issue where an existing, but empty, /sys/fs/cgroup/cpuset.cpus file always resulted in a single-threaded run. #2151

3.24.3 - 15 Feb 2024

• Fix an issue where the CodeQL Action would fail to load a configuration specified by the config input to the init Action. #2147

3.24.2 - 15 Feb 2024

• Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. #2141

3.24.1 - 13 Feb 2024

• Update default CodeQL bundle version to 2.16.2. #2124
• The CodeQL action no longer fails if it can't write to the telemetry api endpoint. #2121

3.24.0 - 02 Feb 2024

• CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See release notes for 3.23.0 for more details. #2106

3.23.2 - 26 Jan 2024

• On Linux, the maximum possible value for the --threads option now respects the CPU count as specified in cgroup files to more accurately reflect the number of available cores when running in containers. #2083
• Update default CodeQL bundle version to 2.16.1. #2096

3.23.1 - 17 Jan 2024

• Update default CodeQL bundle version to 2.16.0. #2073
• Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. #2079

3.23.0 - 08 Jan 2024

• We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. #2031
• The CodeQL Action now requires CodeQL version 2.11.6 or later. For more information, see the corresponding changelog entry for CodeQL Action version 2.22.7. #2009

... (truncated)

Commits

• 47b3d88 Merge pull request #2162 from github/update-v3.24.5-a74dcdb05
• 28c2900 Update changelog for v3.24.5
• a74dcdb Merge pull request #2160 from github/henrymercer/deptrace-with-build-mode
• aeb89ef Enable C++ deptrace when using autobuild build mode
• 2896599 Merge pull request #2060 from github/mbg/go/1.22
• e3a86ed Add comment justifying why we set cache: false
• 5d55901 Use Go 1.22 in workflows
• 908a883 Merge pull request #2158 from github/mergeback/v3.24.4-to-main-e2e140ad
• 9bce06d Merge branch 'main' into mergeback/v3.24.4-to-main-e2e140ad
• c9f3eed Update checked-in dependencies
• Additional commits viewable in compare view

Updates actions/cache from 3.3.2 to 4.0.0

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

• Update action to node20 by @​takost in actions/cache#1284
• feat: save-always flag by @​to-s in actions/cache#1242

New Contributors

• @​takost made their first contribution in actions/cache#1284
• @​to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

• Cache v3.3.3 by @​robherley in actions/cache#1302

New Contributors

• @​robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

Changelog

Sourced from actions/cache's changelog.

Releases

3.0.0

• Updated minimum runner version support from node 12 -> node 16

3.0.1

• Added support for caching from GHES 3.5.
• Fixed download issue for files > 2GB during restore.

3.0.2

• Added support for dynamic cache size cap on GHES.

3.0.3

• Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

• Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

• Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

• Fixed #809 - zstd -d: no such file or directory error
• Fixed #833 - cache doesn't work with github workspace directory

3.0.7

• Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

• Fix zstd not working for windows on gnu tar in issues #888 and #891.
• Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

3.0.9

• Enhanced the warning message for cache unavailablity in case of GHES.

3.0.10

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

... (truncated)

Commits

• 13aacd8 Merge pull request #1242 from to-s/main
• 53b35c5 Merge branch 'main' into main
• 65b8989 Merge pull request #1284 from takost/update-to-node-20
• d0be34d Fix dist
• 66cf064 Merge branch 'main' into update-to-node-20
• 1326563 Merge branch 'main' into main
• e12d46a Merge pull request #1302 from actions/robherley/v3.3.3
• 1baebfc licensed
• eb94f1a cache v3.3.3
• e718767 Fix format
• Additional commits viewable in compare view

Updates WyriHaximus/github-action-get-previous-tag from 1.3.0 to 1.4.0

Release notes

Sourced from WyriHaximus/github-action-get-previous-tag's releases.

v1.4.0

• Total issues resolved: 1
• Total pull requests resolved: 6
• Total contributors: 4

CI 🚧,Configuration ⚙,JavaScript 🦏,YAML 🍄

• 53: Stricten working directory tests thanks to @​WyriHaximus

YAML 🍄

• 52: Update to Node 20 thanks to @​coreyworrell and @​Gershon-A

CI 🚧,Configuration ⚙,JavaScript 🦏,MarkDown 📝,YAML 🍄

• 51: Add the ability to specify the working directory thanks to @​WyriHaximus

MarkDown 📝

• 49: fetch tags instead of fetch-depth: 0 thanks to @​staabm

CI 🚧,Configuration ⚙,YAML 🍄

• 44: Remove file removal action thanks to @​WyriHaximus
• 43: Add unit tests thanks to @​WyriHaximus

Commits

• 04e8485 Merge pull request #53 from WyriHaximus/stricten-working-directory-tests
• 8640114 Stricten working directory tests
• 53f35de Merge pull request #44 from WyriHaximus/remove-file-removal-action
• 80e207e Remove file removal action
• 487f53a Merge pull request #51 from WyriHaximus/set-working-directory
• 752030f Add the ability to specify the working directory
• 5e8388f Merge pull request #52 from coreyworrell/patch-1
• 80af5d6 Update to Node 20
• 5916541 Merge pull request #49 from staabm/patch-1
• a0f33a9 fetch tags instead of fetch-depth: 0
• Additional commits viewable in compare view

Updates actions/upload-artifact from 3.1.3 to 4.3.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.1

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.3.0

What's Changed

• Reorganize upload code in prep for merge logic & add more tests by @​robherley in actions/upload-artifact#504
• Add sub-action to merge artifacts by @​robherley in actions/upload-artifact#505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

What's Changed

• Ability to overwrite an Artifact by @​robherley in actions/upload-artifact#501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

What's Changed

• Add migrations docs by @​robherley in actions/upload-artifact#482
• Update README.md by @​samuelwine in actions/upload-artifact#492
• Support artifact-url output by @​konradpabjan in actions/upload-artifact#496
• Update readme to reflect new 500 artifact per job limit by @​robherley in actions/upload-artifact#497

New Contributors

• @​samuelwine made their first contribution in actions/upload-artifact#492

Full Changelog: actions/upload-artifact@v4...v4.1.0

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​vmjoseph made their first contribution in actions/upload-artifact#464

Full Changelog: actions/upload-artifact@v3...v4.0.0

Commits

• 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
• f1e993d update artifact license
• 4881bfd updating dist:
• a30777e @​eggyhead
• 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
• 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
• dfa1ab2 fix typo with v3 artifact downloads in migration guide
• d00351b Merge pull request #509 from markmssd/patch-1
• 707f5a7 Update limitation of 10 artifacts upload to 500
• 26f96df Merge pull request #505 from actions/robherley/merge-artifacts
• Additional commits viewable in compare view

Updates dorny/paths-filter from 2.11.1 to 3.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v3.0.1

What's Changed

• Compare base and ref when token is empty by @​frouioui in dorny/paths-filter#133

New Contributors

• @​frouioui made their first contribution in dorny/paths-filter#133

Full Changelog: dorny/paths-filter@v3...v3.0.1

v3.0.0

What's Changed

• Update README.md: added real world usage example by @​iamtodor in dorny/paths-filter#178
• Update Node.js to version 20 by @​danielhjacobs in dorny/paths-filter#206
• Update to nodejs 20 by @​dorny in dorny/paths-filter#210
• chore(deps): bump checkout action to v4 and use setup-node to setup node and cache npm deps by @​chenrui333 in dorny/paths-filter#211
• Update all dependencies by @​dorny in dorny/paths-filter#215

New Contributors

• @​iamtodor made their first contribution in dorny/paths-filter#178
• @​danielhjacobs made their first contribution in dorny/paths-filter#206
• @​chenrui333 made their first contribution in dorny/paths-filter#211

Full Changelog: dorny/paths-filter@v2.11.1...v3.0.0

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

• Add list-files: csv format

v2.8.0

• Add count output variable
• Fix log grouping of changes

v2.7.0

• Add "changes" output variable to support matrix job configuration
• Improved listing of matching files with list-files: shell and list-files: escape options

... (truncated)

Commits

• ebc4d7e Update CHANGELOG for v3.0.1
• 45f16f1 Merge pull request #133 from frouioui/main
• 5da0e4c Merge branch 'master'
• 1441771 Update README.md
• 0bc4621 Bump major version to v3
• 7267a85 Update CHANGELOG for v2.12.0
• e36f112 Merge pull request #215 from dorny/update-dependencies
• 2f74457 Update all dependencies
• 6761795 Update examples in README to use checkout@v4
• a35d8d6 Merge pull request #211 from chenrui333/node-20
• Additional commits viewable in compare view

Updates actions/setup-node from 3.8.2 to 4.0.2

Release notes

Sourced from actions/setup-node's releases.

v4.0.2

What's Changed

• Add support for volta.extends by @​ThisIsManta in actions/setup-node#921
• Add support for arm64 Windows by @​dmitry-shibanov in actions/setup-node#927

New Contributors

• @​ThisIsManta made their first contribution in actions/setup-node#921

Full Changelog: actions/setup-node@v4.0.1...v4.0.2

v4.0.1

What's Changed

• Ignore engines in Yarn 1 e2e-cache tests by @​trivikr in actions/setup-node#882
• Update setup-node references in the README.md file to setup-node@v4 by @​jwetzell in actions/setup-node#884
• Update reusable workflows to use Node.js v20 by @​MaksimZhukov in actions/setup-node#889
• Add fix for cache to resolve slow post action step by @​aparnajyothi-y in actions/setup-node#917
• Fix README.md by @​takayamaki in actions/setup-node#898
• Add package.json to node-version-file list of examples. by @​TWiStErRob in actions/setup-node#879
• Fix node-version-file interprets entire package.json as a version by @​NullVoxPopuli in actions/setup-node#865

New Contributors

• @​trivikr made their first contribution in actions/setup-node#882
• @​jwetzell made their first contribution in actions/setup-node#884
• @​aparnajyothi-y made their first contribution in actions/setup-node#917
• @​takayamaki made their first contribution in actions/setup-node#898
• @​TWiStErRob made their first contribution in actions/setup-node#879
• @​NullVoxPopuli made their first contribution in actions/setup-node#865

Full Changelog: actions/setup-node@v4...v4.0.1

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

• Upgrade actions/checkout to v4 by @​gmembre-zenika in actions/setup-node#868
• Update actions/checkout for documentation and yaml by @​dmitry-shibanov in actions/setup-node#876

New Contributors

• @​gmembre-zenika made their first contribution in actions/setup-node#868

Full Changelog: actions/setup-node@v3...v4.0.0

Commits

• 60edb5d Add support for arm64 Windows (#927)
• d86ebcd Add support for volta.extends (#921)
• b39b52d Fix node-version-file interprets entire package.json as a version (#865)
• 7247617 Add package.json to node-version-file list of examples. (#879)
• f3ec4ca Fix README.md (#898)
• ec97f37 Add fix for cache (#917)
• 5ef044f Update reusable workflows to use Node.js v20 (#889)
• c45882a update to setup-node@v4 in docs (#884)
• ee36e8b Ignore engines check in Yarn 1 e2e-cache tests (#882)
• 8f152de Update actions/checkout for documentation and yaml (#876)
• Additional commits viewable in compare view

Updates tibdex/github-app-token from 1 to 2

Release notes

Sourced from tibdex/github-app-token's releases.

v2.0.0

• BREAKING: replaces the installation_id and repository inputs with installation_retrieval_mode and installation_retrieval_payload to also support organization and user installation.
• switches to node20.
• adds a repositories input to scope the created token to a subset of repositories.
• revokes the created token at the end of the job with a post script.

v1.9.0

No release notes provided.

v1.8.2

No release notes provided.

v1.8.1

No release notes provided.

v1.8.0

No release notes provided.

v1.7.0

No release notes provided.

v1.6.0

No release notes provided.

v1.5.2

No release notes provided.

v1.5.1

No release notes provided.

v1.5.0

No release notes provided.

v1.4.0

No release notes provided.

v1.3.0

No release notes provided.

v1.2.0

No release notes provided.

v1.1.1

No release notes provided.

v1.1.0

No release notes provided.

v1.0.2

No release notes provided.

Commits

• 3beb63f release v2.1.0
• 3eb77c7 Add option to not revoke token (#95)
• 9571738 Add support for organization and user installation retrieval and repository s...
• See full diff in compare view

Updates actions/download-artifact from 3.0.2 to 4.1.2

Release notes

Sourced from actions/download-artifact's releases.

v4.1.2

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.1.1

• Fix transient request timeouts actions/download-artifact#249
• Bump @actions/artifacts to latest version

v4.1.0

What's Changed

• Some cleanup by @​robherley in actions/download-artifact#247
• Fix default for run-id by @​stchr in actions/download-artifact#252
• Support pattern matching to filter artifacts & merge to same directory by @​robherley in actions/download-artifact#259

New Contributors

• @​stchr made their first contribution in actions/download-artifact#252

Full Changelog: actions/download-artifact@v4...v4.1.0

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​bflad made their first contribution in actions/download-artifact#194

Full Changelog: actions/download-artifact@v3...v4.0.0

Commits

• eaceaf8 Merge pull request #291 from actions/eggyhead/update-artifact-v2.1.1
• 81eafdc update artifact license
• 9ac5cad updating artifact dependency to version 2.1.1
• 3ad8411 Merge pull request #287 from actions/robherley/sync-migration-docs
• 1de4643 Sync migration docs with upload-artifact
• bb3fa7f Merge pull request #275 from actions/robherley/better-log-msgs
• a244de5 ncc
• 355659b clarify log messages when using pattern/merge-multiple params
• 6b208ae Merge pull request #274 from actions/vmjoseph/timeout-patch
• 6c5b580 only adding updated license
• Additional commits viewable in compare view

Updates slackapi/slack-github-action from 1.24.0 to 1.25.0

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack Send V1.25.0

What's Changed

• Update payload integration test to escape invalid characters by @​hello-ashleyintech in slackapi/slack-github-action#207
• #204: Handle proxies when using Slack WebClient by @​raihle in slackapi/slack-github-action#205
• README: clarify limitations to workflow builder approach by @​ryan-williams in slackapi/slack-github-action#228
• Add instructions for developing with a local version of the action by @​zimeg in slackapi/slack-github-action#250
• Pass secrets to approved workflow jobs by @​zimeg in slackapi/slack-github-action#258
• build(node): bump the runtime version to node 20 by @​zimeg in slackapi/slack-github-action#267
• ci(security): require access checks to pass before running unit tests by @​zimeg in slackapi/slack-github-action#279
• ci(security): check for pull_request_target events in the access check by @​zimeg in slackapi/slack-github-action#282

New Contributors

• @​raihle made their first contribution in ...

  Description has been truncated

[dependabot]

The following labels could not be found: 🤖 dependabot.

[trunk-io]

⏱️ 3m total CI duration on this PR

Job	Cumulative Duration	Recent Runs
CodeQL-Build	2m	🟩
Trunk Check runner [linux]	1m	🟩
Repo Tests / Plugin Tests	24s	🟩
Aggregate Test Results	3s	🟩
Detect changed files	3s	🟩

_{settings ⋅ feedback ⋅ docs ⋅ learn more about trunk.io}

[dependabot]

Superseded by #685.