Bump the actions group in /.github/workflows with 15 updates#613
Open
dependabot[bot] wants to merge 5 commits into
Open
Bump the actions group in /.github/workflows with 15 updates#613dependabot[bot] wants to merge 5 commits into
dependabot[bot] wants to merge 5 commits into
Conversation
Bumps the actions group in /.github/workflows with 15 updates: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.2` | `2.19.4` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` | | [ad-m/github-push-action](https://github.com/ad-m/github-push-action) | `1.0.0` | `1.3.0` | | [github/codeql-action/init](https://github.com/github/codeql-action) | `3.30.6` | `4.36.2` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `3.30.6` | `4.36.2` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [actions/labeler](https://github.com/actions/labeler) | `6.0.1` | `6.1.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.4` | `6.1.0` | | [mamba-org/setup-micromamba](https://github.com/mamba-org/setup-micromamba) | `2.0.7` | `3.0.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `3.30.6` | `4.36.2` | Updates `step-security/harden-runner` from 2.13.2 to 2.19.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@v2.13.2...9af89fc) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@21025c7...25dd0e3) Updates `actions/checkout` from 6.0.2 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...9c091bb) Updates `actions/setup-python` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a309ff8...ece7cb0) Updates `ad-m/github-push-action` from 1.0.0 to 1.3.0 - [Release notes](https://github.com/ad-m/github-push-action/releases) - [Commits](ad-m/github-push-action@77c5b41...881a632) Updates `github/codeql-action/init` from 3.30.6 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@64d10c1...8aad20d) Updates `github/codeql-action/analyze` from 3.30.6 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@64d10c1...8aad20d) Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@2031cfc...a1d282b) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@ed59741...3a2844b) Updates `actions/labeler` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@634933e...f27b608) Updates `actions/cache` from 5.0.4 to 6.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@6682284...55cc834) Updates `mamba-org/setup-micromamba` from 2.0.7 to 3.0.0 - [Release notes](https://github.com/mamba-org/setup-micromamba/releases) - [Commits](mamba-org/setup-micromamba@add3a49...d7c9bd8) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@bbbca2d...043fb46) Updates `github/codeql-action/upload-sarif` from 3.30.6 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@64d10c1...8aad20d) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: ad-m/github-push-action dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: github/codeql-action/init dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action/analyze dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/labeler dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: mamba-org/setup-micromamba dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action/upload-sarif dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
|
Note It appears that this Pull Request modifies the On inspection, the No further action is required. |
Zeitsperre
approved these changes
Jul 2, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the actions group in /.github/workflows with 15 updates:
2.13.22.19.42.5.03.1.06.0.27.0.06.2.06.3.01.0.01.3.03.30.64.36.23.30.64.36.24.9.05.0.08.0.09.0.06.0.16.1.05.0.46.1.02.0.73.0.01.13.01.14.07.0.07.0.13.30.64.36.2Updates
step-security/harden-runnerfrom 2.13.2 to 2.19.4Release notes
Sourced from step-security/harden-runner's releases.
... (truncated)
Commits
9af89fcMerge pull request #667 from step-security/update-agent-v1.8.6485dce8Update agent to v1.8.6ab7a940Merge pull request #665 from step-security/fix/use-policy-store-default-auditec41b78Default to audit mode when api-key missing with use-policy-store9ca718dMerge pull request #664 from step-security/update-agent-v1.8.51dee3dfUpdate agent to v1.8.5a5ad31dMerge pull request #657 from devantler/fix/ubuntu-slim-user-env6e92856build dist and trim ubuntu-slim message4e0504eMerge branch 'main' into fix/ubuntu-slim-user-env8d3c67dRelease v2.19.0 (#661)Updates
dependabot/fetch-metadatafrom 2.5.0 to 3.1.0Release notes
Sourced from dependabot/fetch-metadata's releases.
... (truncated)
Commits
25dd0e3v3.1.0 (#692)e073f50Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.140670e16build(deps-dev): bump hono from 4.12.12 to 4.12.147a7fe10Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...5168191Updating dist build23882e1build(deps): bump@actions/githubin the dependencies group1072469Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...43f8a00build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1b4d904aMerge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0c8046bbbuild(deps-dev): bump globals from 17.4.0 to 17.5.0Updates
actions/checkoutfrom 6.0.2 to 7.0.0Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
9c091bbupdate error wording (#2467)1044a6dgetting ready for checkout v7 release (#2464)f028218Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)d914b26upgrade module to esm and update dependencies (#2463)537c7efBump@actions/coreand@actions/tool-cacheand Remove uuid (#2459)130a169Bump js-yaml from 4.1.0 to 4.2.0 (#2461)7d09575Bump flatted from 3.3.1 to 3.4.2 (#2460)0f9f3aaBump actions/publish-immutable-action (#2458)f9e715ablock checking out fork pr for pull_request_target and workflow_run (#2454)df4cb1cUpdate changelog for v6.0.3 (#2446)Updates
actions/setup-pythonfrom 6.2.0 to 6.3.0Release notes
Sourced from actions/setup-python's releases.
Commits
ece7cb0Fix pip cache error handling on Windows. (#1040)1d18d7aUpdate advanced-usage.md (#811)d2b357aUpdate dependency versions and test workflow configuration (#1322)8f639b1Merge pull request #1324 from jasongin/update-actions-cache-5.1.06731c2bResolve high-severity audit issues0cb1a84Add RHEL support and include Linux distro in cache keys (#1323)dc6eab6Update dist6f4b74bStrict equalityfa8bde1Bump@actions/cacheto 5.1.0, log cache write deniedc8813baUpgrade@actionsdependencies and update licenses (#1303)Updates
ad-m/github-push-actionfrom 1.0.0 to 1.3.0Release notes
Sourced from ad-m/github-push-action's releases.
Commits
881a632feat: Adjust the detached HEAD documentation (#376)f917f9bfeat: Add addional GH token descriptor name (#375)fdfe7e8feat: Add git pull support (#373)d30dc2ddocs: Adjust the link4cc7477Upgrade Node.js version from 20 to 24 (#328)57116acdocs: Remove the url linkUpdates
github/codeql-action/initfrom 3.30.6 to 4.36.2Release notes
Sourced from github/codeql-action/init's releases.
... (truncated)
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
8aad20dMerge pull request #3949 from github/update-v4.36.2-dcb947ce1f521b08Add additional changelog notes8aeff0fUpdate changelog for v4.36.2dcb947cMerge pull request #3948 from github/update-bundle/codeql-bundle-v2.25.6c251bceAdd changelog note62953c1Update default bundle to codeql-bundle-v2.25.6423b570Merge pull request #3946 from github/dependabot/npm_and_yarn/npm-minor-5d507a...c35d1b1Merge pull request #3947 from github/dependabot/github_actions/dot-github/wor...cb1a588Merge pull request #3937 from github/robertbrignull/waitForProcessing_backoffba47406Merge pull request #3943 from github/henrymercer/cache-cli-version-infoUpdates
github/codeql-action/analyzefrom 3.30.6 to 4.36.2Release notes
Sourced from github/codeql-action/analyze's releases.