deps: bump the github-actions group across 1 directory with 10 updates#1
deps: bump the github-actions group across 1 directory with 10 updates#1dependabot[bot] wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Pull request overview
This PR updates multiple GitHub Actions used across the reusable CI workflows in this repository (checkout/setup tooling, artifact handling, caching, SonarQube scanning, and release automation) to newer major versions.
Changes:
- Bump core actions used in workflows (e.g.,
actions/checkout,actions/setup-python,actions/setup-node,actions/cache, artifact upload/download). - Update SonarQube scan action to
SonarSource/sonarqube-scan-action@v8.1.0and release automation togoogleapis/release-please-action@v5.0.0. - Update pnpm setup and GitHub App token creation actions.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| .github/workflows/sync-files.yml | Updates checkout and GitHub App token action versions for the sync workflow. |
| .github/workflows/release-please.yml | Bumps release-please action pin to v5.0.0 commit SHA. |
| .github/workflows/ci-python-library.yml | Updates pinned SHAs for checkout/upload-artifact and bumps SonarQube scan action pin. |
| .github/workflows/ci-pnpm-node.yml | Updates checkout/setup-node/pnpm setup and artifact upload versions; bumps cache action pins and SonarQube scan pin. |
| .github/workflows/ci-npm-publish.yml | Updates checkout/setup-node and download-artifact versions for publishing workflow. |
| .github/workflows/ci-node.yml | Updates checkout/setup-node and artifact upload versions; bumps cache action pins and SonarQube scan pin. |
| .github/workflows/ci-django-api.yml | Updates checkout/setup-python/cache and SonarQube scan action versions for Django API CI. |
| .github/workflows/build-python-dists.yml | Updates pinned SHAs for checkout/setup-python/upload-artifact in Python dist build workflow. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
@dependabot recreate |
057737c to
f225137
Compare
|
@dependabot recreate |
f225137 to
6d78243
Compare
|
@dependabot recreate |
6d78243 to
0e555ab
Compare
|
@dependabot recreate |
0e555ab to
2f28b8e
Compare
2f28b8e to
b902378
Compare
|
@dependabot recreate |
b902378 to
40cd76c
Compare
|
@dependabot recreate |
40cd76c to
18685de
Compare
|
@dependabot recreate |
18685de to
bc60e1d
Compare
bc60e1d to
d5d5d4b
Compare
|
@dependabot recreate |
|
Looks like this PR is already up-to-date with main, and has been recreated more than 5 times in the last 24 hours! |
|
@dependabot recreate |
d5d5d4b to
0a836d7
Compare
0a836d7 to
28685ec
Compare
Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.3` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` | | [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `6.0.0` | `8.2.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.4.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | | [pnpm/action-setup](https://github.com/pnpm/action-setup) | `6.0.5` | `6.0.8` | | [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.3.0` | `5.0.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.2` | `3.2.0` | Updates `actions/checkout` from 4.3.1 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.3.1...df4cb1c) Updates `actions/setup-python` from 5.6.0 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5.6.0...a309ff8) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.2...043fb46) Updates `actions/cache` from 4.3.0 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4.3.0...27d5ce7) Updates `SonarSource/sonarqube-scan-action` from 6.0.0 to 8.2.0 - [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases) - [Commits](SonarSource/sonarqube-scan-action@v6...7138816) Updates `actions/setup-node` from 4.4.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@49933ea...48b55a0) Updates `actions/download-artifact` from 4.3.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4.3.0...3e5f45b) Updates `pnpm/action-setup` from 6.0.5 to 6.0.8 - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@8912a91...0e279bb) Updates `googleapis/release-please-action` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](googleapis/release-please-action@c2a5a2b...45996ed) Updates `actions/create-github-app-token` from 2.2.2 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](actions/create-github-app-token@fee1f7d...bcd2ba4) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: googleapis/release-please-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: pnpm/action-setup dependency-version: 6.0.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: SonarSource/sonarqube-scan-action dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
28685ec to
eca9ae8
Compare
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
Bumps the github-actions group with 10 updates in the / directory:
4.3.16.0.35.6.06.2.04.6.27.0.14.3.05.0.56.0.08.2.04.4.06.4.04.3.08.0.16.0.56.0.84.3.05.0.02.2.23.2.0Updates
actions/checkoutfrom 4.3.1 to 6.0.3Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
df4cb1cUpdate changelog for v6.0.3 (#2446)1cce339Fix checkout init for SHA-256 repositories (#2439)900f221fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)0c366fdUpdate changelog (#2357)de0fac2Fix tag handling: preserve annotations and explicit fetch-tags (#2356)064fe7fAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)Updates
actions/setup-pythonfrom 5.6.0 to 6.2.0Release notes
Sourced from actions/setup-python's releases.
... (truncated)
Commits
a309ff8Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)bfe8cc5Upgrade@actionsdependencies to Node 24 compatible versions (#1259)4f41a90Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)83679a8Bump@types/nodefrom 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...bfc4944Bump prettier from 3.5.3 to 3.6.2 (#1234)97aeb3eBump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)443da59Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...cfd55cagraalpy: add graalpy early-access and windows builds (#880)bba65e5Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)18566f8Improve wording and "fix example" (remove 3.13) on testing against pre-releas...Updates
actions/upload-artifactfrom 4.6.2 to 7.0.1Release notes
Sourced from actions/upload-artifact's releases.
... (truncated)
Commits
043fb46Merge pull request #797 from actions/yacaovsnc/update-dependency634250cInclude changes in typespec/ts-http-runtime 0.3.5e454baaReadme: bump all the example versions to v7 (#796)74fad66Update the readme with direct upload details (#795)bbbca2dSupport direct file uploads (#764)589182cUpgrade the module to ESM and bump dependencies (#762)47309c9Merge pull request #754 from actions/Link-/add-proxy-integration-tests02a8460Add proxy integration testb7c566aMerge pull request #745 from actions/upload-artifact-v6-releasee516bc8docs: correct description of Node.js 24 support in READMEUpdates
actions/cachefrom 4.3.0 to 5.0.5Release notes
Sourced from actions/cache's releases.
... (truncated)
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
27d5ce7Merge pull request #1747 from actions/yacaovsnc/update-dependencyf280785licensed changes619aeb1npm run build generated dist filesbcf16c2Update ts-http-runtime to 0.3.56682284Merge pull request #1738 from actions/prepare-v5.0.4e340396Update RELEASES8a67110Add licenses1865903Update dependencies & patch security vulnerabilities5656298Merge pull request #1722 from RyPeck/patch-14e380d1Fix cache key in examples.md for bun.lockUpdates
SonarSource/sonarqube-scan-actionfrom 6.0.0 to 8.2.0Release notes
Sourced from SonarSource/sonarqube-scan-action's releases.
... (truncated)
Commits
7138816SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)3581139SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...c9d327cSQSCANGHA-84 Remove outdated wget/curl referencesb243e51SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support375c3f5SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...9c78323SQSCANGHA-144 Add gate jobs to QA workflows for branch protection7006c44Update SonarScanner CLI to 8.1.0.6389edd319fNO-JIRA Bump actions/setup-node from 6.3.0 to 6.4.0 (#234)e050aa9NO-JIRA Bump actions/cache from 5.0.4 to 5.0.5 (#231)6cd3d8fNO-JIRA Bump madhead/semver-utils from 4.3.0 to 5.0.0Updates
actions/setup-nodefrom 4.4.0 to 6.4.0Release notes
Sourced from actions/setup-node's releases.
... (truncated)
Commits
48b55a0Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)ab72c7eUpgrade@actionsdependencies (#1525)53b8394Bump minimatch from 3.1.2 to 3.1.5 (#1498)54045abScope test lockfiles by package manager and update cache tests (#1495)c882bffReplace uuid with crypto.randomUUID() (#1378)774c1d6feat(node-version-file): support parsingdevEnginesfield (#1283)efcb663fix: remove hardcoded bearer (#1467)d02c89dFix npm audit issues (#1491)6044e13Docs: bump actions/checkout from v5 to v6 (#1468)8e49463Fix README typo (#1226)Updates
actions/download-artifactfrom 4.3.0 to 8.0.1Release notes
Sourced from actions/download-artifact's releases.
... (truncated)
Commits
3e5f45bAdd regression tests for CJK characters (#471)e6d03f6Add a regression test for artifact name + content-type mismatches (#472)70fc10cMerge pull request #461 from actions/danwkennedy/digest-mismatch-behaviorf258da9Add change docsccc058eFix linting issuesbd7976bAdd a setting to specify what to do on hash mismatch and default it toerrorac21fcfMerge pull request #460 from actions/danwkennedy/download-no-unzip15999bfAdd note about pac...Description has been truncated