Bump the github-actions group with 14 updates #70384

dependabot · 2024-06-25T19:54:54Z

Bumps the github-actions group with 14 updates:

Package	From	To
actions/checkout	`3.2.0`	`4.1.7`
actions/github-script	`6.3.3`	`7.0.1`
google/osv-scanner-action	`1.6.2.pre.beta1`	`1.7.4`
actions/setup-python	`4.3.1`	`5.1.0`
peter-evans/create-pull-request	`4.2.3`	`6.1.0`
ossf/scorecard-action	`2.3.1`	`2.3.3`
actions/upload-artifact	`3.pre.node20`	`4.3.3`
github/codeql-action	`3.24.9`	`3.25.10`
docker/setup-buildx-action	`2.2.1`	`3.3.0`
docker/login-action	`2.1.0`	`3.2.0`
docker/build-push-action	`3.2.0`	`6.1.0`
mshick/add-pr-comment	`a65df5f64fc741e91c59b8359a4bc56e57aaf5b1`	`dd126dd8c253650d181ad9538d8b4fa218fc31e8`
actions/stale	`7.0.0`	`9.0.0`
zofrex/mirror-branch	`1.0.3`	`1.0.4`

Updates actions/checkout from 3.2.0 to 4.1.7

Release notes

Sourced from actions/checkout's releases.

v4.1.7

What's Changed

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

New Contributors

@orhantoy made their first contribution in actions/checkout#1774

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

Full Changelog: actions/checkout@v4.1.4...v4.1.5

v4.1.4

What's Changed

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Full Changelog: actions/checkout@v4.1.3...v4.1.4

v4.1.3

What's Changed

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Full Changelog: actions/checkout@v4.1.2...v4.1.3

v4.1.2

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

... (truncated)

Commits

692973e Prepare 4.1.7 release (#1775)
6ccd57f Pin actions/checkout's own workflows to a known, good, stable version. (#1776)
b17fe1e Handle hidden refs (#1774)
b80ff79 Bump actions/checkout from 3 to 4 (#1697)
b1ec302 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1739)
a5ac7e5 Update for 4.1.6 release (#1733)
24ed1a3 Check platform for extension (#1732)
44c2b7a README: Suggest user.email to be `41898282+github-actions[bot]@users.norepl...
8459bc0 Bump actions/upload-artifact from 2 to 4 (#1695)
3f603f6 Bump actions/setup-node from 1 to 4 (#1696)
Additional commits viewable in compare view

Updates actions/github-script from 6.3.3 to 7.0.1

Release notes

Sourced from actions/github-script's releases.

v7.0.1

What's Changed

Avoid setting baseUrl to undefined when input is not provided by @joshmgross in actions/github-script#439

Full Changelog: actions/github-script@v7.0.0...v7.0.1

v7.0.0

What's Changed

Add base-url option by @robandpdx in actions/github-script#429

Expose async-function argument type by @viktorlott in actions/github-script#402, see for details https://github.com/actions/github-script#use-scripts-with-jsdoc-support

Update dependencies and use Node 20 by @joshmgross in actions/github-script#425

New Contributors

@navarroaxel made their first contribution in actions/github-script#285

@robandpdx made their first contribution in actions/github-script#429

@viktorlott made their first contribution in actions/github-script#402

Full Changelog: actions/github-script@v6.4.1...v7.0.0

v6.4.1

What's Changed

Add @octokit/plugin-request-log, to produce debug output for requests by @mjpieters in actions/github-script#358

fix input handling by @mjpieters in actions/github-script#357

Remove unused dependencies by @mjpieters in actions/github-script#356

Default debug to current runner debug state by @mjpieters in actions/github-script#363

New Contributors

@mjpieters made their first contribution in actions/github-script#358

Full Changelog: actions/github-script@v6.4.0...v6.4.1

v6.4.0

What's Changed

Bump json5 from 2.1.3 to 2.2.3 by @dependabot in actions/github-script#319

Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in actions/github-script#320

Add node-fetch by @danmichaelo in actions/github-script#321

New Contributors

@jongwooo made their first contribution in actions/github-script#313

@austinvazquez made their first contribution in actions/github-script#306

@danmichaelo made their first contribution in actions/github-script#321

Full Changelog: actions/github-script@v6.3.3...v6.4.0

Commits

60a0d83 Merge pull request #440 from actions/joshmgross/v7.0.1
b7fb200 Update version to 7.0.1
12e22ed Merge pull request #439 from actions/joshmgross/avoid-setting-base-url
d319f8f Avoid setting baseUrl to undefined when input is not provided
e69ef54 Merge pull request #425 from actions/joshmgross/node-20
ee0914b Update licenses
d6fc56f Use @types/node for Node 20
384d6cf Fix quotations in tests
8472492 Only validate GraphQL previews
84903f5 Remove node-fetch from type
Additional commits viewable in compare view

Updates google/osv-scanner-action from 1.6.2.pre.beta1 to 1.7.4

Release notes

Sourced from google/osv-scanner-action's releases.

v1.7.3

What's Changed

Branches filter is not available for merge_group by @thomasleplus in google/osv-scanner-action#15

Update to track osv-scanner v1.7.3 by @another-rex in google/osv-scanner-action#17

New Contributors

@shahar-h made their first contribution in google/osv-scanner-action#8

@thomasleplus made their first contribution in google/osv-scanner-action#15

Full Changelog: google/osv-scanner-action@v1.7.1...v1.7.3

v1.7.1

First full release of osv-scanner, currently using v1.7.1 of osv-scanner. See README.md or documentation for usage instructions.

Commits

ba0b4d1 1.7.4 release (#24)
37531d8 Fixes #21 (#22)
8d8993e Fix configuration not found warning when using unified gh workflow (#20)
fe5d4da Update workflow files (#18)
75532bf Merge pull request #17 from google/update-to-v1.7.3
5579380 Revert workflow tag cchanges
e1d89d3 Update to v1.7.3
667ecd2 Merge pull request #15 from thomasleplus/main
d8e1333 Branches filter is not available for merge_group
c6d5eb1 Merge pull request #8 from shahar-h/upgrade-actions
Additional commits viewable in compare view

Updates actions/setup-python from 4.3.1 to 5.1.0

Release notes

Sourced from actions/setup-python's releases.

v5.1.0

What's Changed

Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @Shegox in actions/setup-python#766.

Dependency updates by @dependabot and @HarithaVattikuti in actions/setup-python#817

Documentation changes for version in README by @basnijholt in actions/setup-python#776

Documentation changes for link in README by @ukd1 in actions/setup-python#793

Documentation changes for link in Advanced Usage by @Jamim in actions/setup-python#782

Documentation changes for avoiding rate limit issues on GHES by @priya-kinthali in actions/setup-python#835

New Contributors

@basnijholt made their first contribution in actions/setup-python#776

@ukd1 made their first contribution in actions/setup-python#793

@Jamim made their first contribution in actions/setup-python#782

@Shegox made their first contribution in actions/setup-python#766

@priya-kinthali made their first contribution in actions/setup-python#835

Full Changelog: actions/setup-python@v5.0.0...v5.1.0

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py
Besides, the release contains such changes as:

Trim python version when reading from file by @FerranPares in actions/setup-python#628

Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724

Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723

Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743

advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729

Examples now use checkout@v4 by @simonw in actions/setup-python#738

Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761

New Contributors

@FerranPares made their first contribution in actions/setup-python#628

@timfel made their first contribution in actions/setup-python#694

... (truncated)

Commits

82c7e63 Documentation changes for avoiding rate limit issues on GHES (#835)
10aa35a feat: fallback to raw endpoint for manifest when rate limit is reached (#766)
9a7ac94 Bump undici from 5.27.2 to 5.28.3 (#817)
871daa9 Fix the "Specifying multiple Python/PyPy versions" link (#782)
2f07895 Fix broken README.md link (#793)
e9d6f99 Replace setup-python@v4 by setup-python@v5 in README (#776)
0a5c615 Update action to node20 (#772)
0ae5836 Add example of GraalPy to docs (#773)
b64ffca update actions/checkout to v4 (#761)
8d28961 Examples now use checkout@v4 (#738)
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 4.2.3 to 6.1.0

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v6.1.0

✨ Adds pull-request-branch as an action output.

What's Changed

build(deps): bump undici from 6.14.1 to 6.15.0 by @dependabot in peter-evans/create-pull-request#2873

Update distribution by @actions-bot in peter-evans/create-pull-request#2878

build(deps-dev): bump @types/node from 18.19.31 to 18.19.32 by @dependabot in peter-evans/create-pull-request#2884

build(deps-dev): bump @types/node from 18.19.32 to 18.19.33 by @dependabot in peter-evans/create-pull-request#2890

build(deps-dev): bump ts-jest from 29.1.2 to 29.1.3 by @dependabot in peter-evans/create-pull-request#2892

build(deps): bump undici from 6.15.0 to 6.18.0 by @dependabot in peter-evans/create-pull-request#2891

Update distribution by @actions-bot in peter-evans/create-pull-request#2907

build(deps): bump undici from 6.18.0 to 6.18.1 by @dependabot in peter-evans/create-pull-request#2913

build(deps-dev): bump ts-jest from 29.1.3 to 29.1.4 by @dependabot in peter-evans/create-pull-request#2914

Update distribution by @actions-bot in peter-evans/create-pull-request#2921

build(deps): bump undici from 6.18.1 to 6.18.2 by @dependabot in peter-evans/create-pull-request#2934

build(deps-dev): bump prettier from 3.2.5 to 3.3.0 by @dependabot in peter-evans/create-pull-request#2936

build(deps-dev): bump @types/node from 18.19.33 to 18.19.34 by @dependabot in peter-evans/create-pull-request#2935

Update distribution by @actions-bot in peter-evans/create-pull-request#2947

build(deps-dev): bump prettier from 3.3.0 to 3.3.2 by @dependabot in peter-evans/create-pull-request#2959

build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot in peter-evans/create-pull-request#2962

build(deps-dev): bump ws from 8.11.0 to 8.17.1 by @dependabot in peter-evans/create-pull-request#2970

build(deps-dev): bump ts-jest from 29.1.4 to 29.1.5 by @dependabot in peter-evans/create-pull-request#2975

build(deps-dev): bump @types/node from 18.19.34 to 18.19.36 by @dependabot in peter-evans/create-pull-request#2976

build(deps): bump undici from 6.18.2 to 6.19.2 by @dependabot in peter-evans/create-pull-request#2977

Update distribution by @actions-bot in peter-evans/create-pull-request#2990

feat: add branch name output by @peter-evans in peter-evans/create-pull-request#2995

Full Changelog: peter-evans/create-pull-request@v6.0.5...v6.1.0

Create Pull Request v6.0.5

⚙️ Fixes an issue with proxy support for users that run self-hosted behind a proxy.

What's Changed

fix: update proxy support to follow octokit change to fetch api by @peter-evans in peter-evans/create-pull-request#2867

Full Changelog: peter-evans/create-pull-request@v6.0.4...v6.0.5

Create Pull Request v6.0.4

⚡ Improves performance in some cases for very large git repositories.

What's Changed

perf: limit the fetch depth of pr branch by @peter-evans in peter-evans/create-pull-request#2857

Full Changelog: peter-evans/create-pull-request@v6.0.3...v6.0.4

Create Pull Request v6.0.3

⚡ Improves performance of the push-to-fork feature.

... (truncated)

Commits

c5a7806 feat: add branch name output (#2995)
4383ba9 build: update distribution (#2990)
36f7648 build(deps): bump undici from 6.18.2 to 6.19.2 (#2977)
5f7c158 build(deps-dev): bump @types/node from 18.19.34 to 18.19.36 (#2976)
db1713d build(deps-dev): bump ts-jest from 29.1.4 to 29.1.5 (#2975)
ca98a71 build(deps-dev): bump ws from 8.11.0 to 8.17.1 (#2970)
ce00808 build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#2962)
7318c0b build(deps-dev): bump prettier from 3.3.0 to 3.3.2 (#2959)
e30bbbb build: update distribution (#2947)
bad19b8 build(deps-dev): bump @types/node from 18.19.33 to 18.19.34 (#2935)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.3.1 to 2.3.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @spencerschrock in ossf/scorecard-action#1366

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @spencerschrock in ossf/scorecard-action#1374

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

📖 Move token discussion out of main README. by @spencerschrock in ossf/scorecard-action#1279

📖 link to ossf/scorecard workflow instead of maintaining an example by @spencerschrock in ossf/scorecard-action#1352

📖 update api links to new scorecard.dev site by @spencerschrock in ossf/scorecard-action#1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

Commits

dc50aa9 🌱 Bump docker tag for v2.3.3 release (#1368)
8ff5700 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
8ba5e73 update api links to new scorecard.dev site (#1376)
92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
6c55905 🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
09bb953 🌱 Bump distroless/base in the docker-images group (#1372)
1511e13 🌱 Bump the github-actions group across 1 directory with 6 updates (#...
df66cd8 🌱 Bump the docker-images group with 2 updates (#1370)
fad9a3c 🌱 Bump distroless/base in the docker-images group (#1364)
1e01a30 🌱 Bump the github-actions group with 3 updates (#1365)
Additional commits viewable in compare view

Updates actions/upload-artifact from 3.pre.node20 to 4.3.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.3

What's Changed

updating @actions/artifact dependency to v2.1.6 by @eggyhead in actions/upload-artifact#565

Full Changelog: actions/upload-artifact@v4.3.2...v4.3.3

v4.3.2

What's Changed

Update release-new-action-version.yml by @konradpabjan in actions/upload-artifact#516

Minor fix to the migration readme by @andrewakim in actions/upload-artifact#523

Update readme with v3/v2/v1 deprecation notice by @robherley in actions/upload-artifact#561

updating @actions/artifact dependency to v2.1.5 and @actions/core to v1.0.1 by @eggyhead in actions/upload-artifact#562

New Contributors

@andrewakim made their first contribution in actions/upload-artifact#523

Full Changelog: actions/upload-artifact@v4.3.1...v4.3.2

v4.3.1

Bump @actions/artifacts to latest version to include updated GHES host check

v4.3.0

What's Changed

Reorganize upload code in prep for merge logic & add more tests by @robherley in actions/upload-artifact#504

Add sub-action to merge artifacts by @robherley in actions/upload-artifact#505

Full Changelog: actions/upload-artifact@v4...v4.3.0

v4.2.0

What's Changed

Ability to overwrite an Artifact by @robherley in actions/upload-artifact#501

Full Changelog: actions/upload-artifact@v4...v4.2.0

v4.1.0

What's Changed

Add migrations docs by @robherley in actions/upload-artifact#482

Update README.md by @samuelwine in actions/upload-artifact#492

Support artifact-url output by @konradpabjan in actions/upload-artifact#496

Update readme to reflect new 500 artifact per job limit by @robherley in actions/upload-artifact#497

New Contributors

@samuelwine made their first contribution in actions/upload-artifact#492

Full Changelog: actions/upload-artifact@v4...v4.1.0

v4.0.0

... (truncated)

Commits

6546280 updating package version
c004fb4 Merge branch 'main' into eggyhead/use-artifact-v2.1.6
90aba49 updating toolkit artifact dependency to 2.1.6
b06cde3 Merge pull request #563 from actions/eggyhead/release-4.3.2
1746f4a Revert "updating to release 4.3.2"
31685d0 updating to release 4.3.2
18bf333 Merge pull request #562 from actions/eggyhead/update-artifact-v215
dac413b update package lock version
bb3b4a3 updating package version
3e3da83 updating artifact and core dependencies
Additional commits viewable in compare view

Updates github/codeql-action from 3.24.9 to 3.25.10

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349

3.25.10 - 13 Jun 2024

Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330

The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. #2306

3.25.6 - 20 May 2024

Update default CodeQL bundle version to 2.17.3. #2295

3.25.5 - 13 May 2024

Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the https://github.com/github/codeql-action/blob/main/README.md. #2273

Avoid printing out a warning for a missing on.push trigger when the CodeQL Action is triggered via a workflow_call event. #2274

The tools: latest input to the init Action has been renamed to tools: linked. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. #2281

3.25.4 - 08 May 2024

Update default CodeQL bundle version to 2.17.2. #2270

3.25.3 - 25 Apr 2024

Update default CodeQL bundle version to 2.17.1. #2247

Workflows running on macos-latest using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as macos-12. ARM machines with SIP disabled, including the newest macos-latest image, are unsupported for CLI versions before 2.15.1. #2261

3.25.2 - 22 Apr 2024

No user facing changes.

... (truncated)

Commits

23acc5c Merge pull request #2337 from github/update-v3.25.10-5bf6dad35
9b72dbd Update changelog for v3.25.10
5bf6dad Merge pull request #2329 from github/henrymercer/csharp-buildless-rollback-me...
...
Description has been truncated

Bumps the github-actions group with 14 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3.2.0` | `4.1.7` | | [actions/github-script](https://github.com/actions/github-script) | `6.3.3` | `7.0.1` | | [google/osv-scanner-action](https://github.com/google/osv-scanner-action) | `1.6.2.pre.beta1` | `1.7.4` | | [actions/setup-python](https://github.com/actions/setup-python) | `4.3.1` | `5.1.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `4.2.3` | `6.1.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.3.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.pre.node20` | `4.3.3` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.24.9` | `3.25.10` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2.2.1` | `3.3.0` | | [docker/login-action](https://github.com/docker/login-action) | `2.1.0` | `3.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `3.2.0` | `6.1.0` | | [mshick/add-pr-comment](https://github.com/mshick/add-pr-comment) | `a65df5f64fc741e91c59b8359a4bc56e57aaf5b1` | `dd126dd8c253650d181ad9538d8b4fa218fc31e8` | | [actions/stale](https://github.com/actions/stale) | `7.0.0` | `9.0.0` | | [zofrex/mirror-branch](https://github.com/zofrex/mirror-branch) | `1.0.3` | `1.0.4` | Updates `actions/checkout` from 3.2.0 to 4.1.7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.2.0...692973e) Updates `actions/github-script` from 6.3.3 to 7.0.1 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@d556fea...60a0d83) Updates `google/osv-scanner-action` from 1.6.2.pre.beta1 to 1.7.4 - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@v1.6.2-beta1...v1.7.4) Updates `actions/setup-python` from 4.3.1 to 5.1.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@2c3dd9e...82c7e63) Updates `peter-evans/create-pull-request` from 4.2.3 to 6.1.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@2b011fa...c5a7806) Updates `ossf/scorecard-action` from 2.3.1 to 2.3.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...dc50aa9) Updates `actions/upload-artifact` from 3.pre.node20 to 4.3.3 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@97a0fba...6546280) Updates `github/codeql-action` from 3.24.9 to 3.25.10 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@1b1aada...23acc5c) Updates `docker/setup-buildx-action` from 2.2.1 to 3.3.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8c0edbc...d70bba7) Updates `docker/login-action` from 2.1.0 to 3.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@f4ef78c...0d4c9c5) Updates `docker/build-push-action` from 3.2.0 to 6.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@c56af95...31159d4) Updates `mshick/add-pr-comment` from a65df5f64fc741e91c59b8359a4bc56e57aaf5b1 to dd126dd8c253650d181ad9538d8b4fa218fc31e8 - [Release notes](https://github.com/mshick/add-pr-comment/releases) - [Commits](mshick/add-pr-comment@a65df5f...dd126dd) Updates `actions/stale` from 7.0.0 to 9.0.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@6f05e42...28ca103) Updates `zofrex/mirror-branch` from 1.0.3 to 1.0.4 - [Release notes](https://github.com/zofrex/mirror-branch/releases) - [Commits](zofrex/mirror-branch@a8809f0...0be56f4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/github-script dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google/osv-scanner-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: mshick/add-pr-comment dependency-type: direct:production dependency-group: github-actions - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: zofrex/mirror-branch dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

keerthanakadiri · 2024-06-26T09:55:35Z

Hi @MichaelHudgins Can you please review this PR? Thank you .

dependabot · 2024-06-26T15:41:25Z

Superseded by #70450.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 25, 2024

google-ml-butler bot added the size:M CL Change Size: Medium label Jun 25, 2024

google-ml-butler bot assigned gbaned Jun 25, 2024

keerthanakadiri requested a review from MichaelHudgins June 26, 2024 09:11

google-ml-butler bot added the awaiting review Pull request awaiting review label Jun 26, 2024

keerthanakadiri added this to Assigned Reviewer in PR Queue via automation Jun 26, 2024

mihaimaruseac approved these changes Jun 26, 2024

View reviewed changes

PR Queue automation moved this from Assigned Reviewer to Approved by Reviewer Jun 26, 2024

google-ml-butler bot added kokoro:force-run Tests on submitted change ready to pull PR ready for merge process labels Jun 26, 2024

kokoro-team removed the kokoro:force-run Tests on submitted change label Jun 26, 2024

dependabot bot closed this Jun 26, 2024

PR Queue automation moved this from Approved by Reviewer to Closed/Rejected Jun 26, 2024

dependabot bot deleted the dependabot/github_actions/github-actions-f23be19037 branch June 26, 2024 15:41

google-ml-butler bot removed awaiting review Pull request awaiting review ready to pull PR ready for merge process labels Jun 26, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 14 updates #70384

Bump the github-actions group with 14 updates #70384

Bump the github-actions group with 14 updates #70384

Bump the github-actions group with 14 updates #70384

Conversation

v4.1.7

What's Changed

New Contributors

v4.1.6

What's Changed

v4.1.5

What's Changed

v4.1.4

What's Changed

v4.1.3

What's Changed

v4.1.2

Changelog

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v7.0.1

What's Changed

v7.0.0

What's Changed

New Contributors

v6.4.1

What's Changed

New Contributors

v6.4.0

What's Changed

New Contributors

v1.7.3

What's Changed

New Contributors

v1.7.1

v5.1.0

What's Changed

New Contributors

v5.0.0

What's Changed

v4.8.0

What's Changed

New Contributors

Create Pull Request v6.1.0

What's Changed

Create Pull Request v6.0.5

What's Changed

Create Pull Request v6.0.4

What's Changed

Create Pull Request v6.0.3

v2.3.3

What's Changed

Documentation

v4.3.3

What's Changed

v4.3.2

What's Changed

New Contributors

v4.3.1

v4.3.0

What's Changed

v4.2.0

What's Changed

v4.1.0

What's Changed

New Contributors

v4.0.0

CodeQL Action Changelog

[UNRELEASED]

3.25.10 - 13 Jun 2024

3.25.9 - 12 Jun 2024

3.25.8 - 04 Jun 2024

3.25.7 - 31 May 2024