Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the github-actions group across 1 directory with 7 updates #17447

Closed
wants to merge 1 commit into from
Closed

Bump the github-actions group across 1 directory with 7 updates #17447

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Mar 30, 2025
edited
Loading

Bumps the github-actions group with 7 updates in the / directory:

Package From To
thollander/actions-comment-pull-request 1 3
actions/checkout 2 4
anchore/scan-action 3 6
actions/setup-node 3 4
actions/github-script 6 7
tspascoal/get-user-teams-membership 1 3
actions/setup-python 2 5

Updates thollander/actions-comment-pull-request from 1 to 3

Release notes

Sourced from thollander/actions-comment-pull-request's releases.

v3.0.0

What's Changed

Breaking changes

Parameters

  • From filePath to file-path
  • From GITHUB_TOKEN to github-token
  • From pr_number to pr-number
  • From comment_tag to comment-tag
  • From create_if_not_exists to create-if-not-exists

Mode

delete now deletes a comment immediately. To delete the comment at the end of the job, use delete-on-completion mode.

Full Changelog: thollander/actions-comment-pull-request@v2...v3.0.0

v2.5.0 : Node 20 version support

What's Changed

Full Changelog: thollander/actions-comment-pull-request@v2.4.3...v2.5.0

v2.4.3 : outputs variables

What's Changed

Full Changelog: thollander/actions-comment-pull-request@v2...v2.4.3

v2.4.2 : dependencies update

What's Changed

... (truncated)

Commits
  • 65f9e5c docs: add migration guide
  • 107ab45 feat: manage delete modes in a better way
  • ce644a4 chore(deps-dev): bump @​types/node from 20.8.7 to 22.7.5 (#389)
  • 52f13cb chore(deps-dev): bump typescript from 5.3.3 to 5.6.3 (#390)
  • 77f7e42 chore(deps-dev): bump @​tsconfig/node20 from 20.1.2 to 20.1.4 (#367)
  • e5dae98 chore(deps-dev): bump prettier from 3.0.3 to 3.2.5 (#350)
  • bc14ce3 chore(deps-dev): bump typescript from 5.2.2 to 5.3.3 (#326)
  • fabd468 Merge pull request #307 from thollander/feat/node-20
  • cb9f4be chore: bump to v2.5.0
  • 2f69210 feat: node 20 version support
  • Additional commits viewable in compare view

Updates actions/checkout from 2 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

... (truncated)

Commits

Updates anchore/scan-action from 3 to 6

Release notes

Sourced from anchore/scan-action's releases.

v6.0.0

New in scan-action v6.0.0

Breaking Change

  • feat: add output-file option, default to random directory output in temp (#346) [kzantow]

The action no longer generates files in your working directory by default, instead you should use the action outputs: ${{ steps.<id>.outputs.sarif }} where the <id> needs to match the id you configured to reference the scan-action, e.g.:

      - uses: anchore/scan-action@v6
        id: scan
        ...
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

Other Changes

v5.3.0

New in scan-action v5.3.0

v5.2.1

New in scan-action v5.2.1

v5.2.0

New in scan-action v5.2.0

v5.1.0

New in scan-action v5.1.0

... (truncated)

Commits
  • 7c05671 chore(deps): bump undici from 5.28.4 to 5.28.5 (#429)
  • 0a0c9f0 chore(deps): bump @​actions/tool-cache from 2.0.1 to 2.0.2 (#425)
  • 1133611 chore(deps-dev): bump lint-staged from 15.3.0 to 15.4.1 (#426)
  • 3830b3c chore(deps): update Grype to v0.87.0 (#430)
  • 3081c32 chore(deps): bump release-drafter/release-drafter from 6.0.0 to 6.1.0 (#428)
  • 54c4de5 chore(deps-dev): bump eslint from 9.17.0 to 9.18.0 (#423)
  • 46a02d8 chore(deps): bump peter-evans/create-pull-request from 7.0.5 to 7.0.6 (#419)
  • 6eaf06d docs: update docs to v6 remove stale changelog (#422)
  • 27d81ab chore(deps-dev): bump eslint from 9.16.0 to 9.17.0 (#417)
  • abae793 chore(deps): update Grype to v0.86.1 (#416)
  • Additional commits viewable in compare view

Updates actions/setup-node from 3 to 4

Release notes

Sourced from actions/setup-node's releases.

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

New Contributors

Full Changelog: actions/setup-node@v3...v4.0.0

v3.8.2

What's Changed

Full Changelog: actions/setup-node@v3...v3.8.2

v3.8.1

What's Changed

In scope of this release, the filter was removed within the cache-save step by @​dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.

Full Changelog: actions/setup-node@v3...v3.8.1

v3.8.0

What's Changed

Bug fixes:

Feature implementations:

Documentation changes:

Update dependencies:

... (truncated)

Commits

Updates actions/github-script from 6 to 7

Release notes

Sourced from actions/github-script's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v6.4.1...v7.0.0

v6.4.1

What's Changed

New Contributors

Full Changelog: actions/github-script@v6.4.0...v6.4.1

v6.4.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v6.3.3...v6.4.0

v6.3.3

What's Changed

New Contributors

Full Changelog: actions/github-script@v6.3.2...v6.3.3

v6.3.2

What's Changed

... (truncated)

Commits
  • 60a0d83 Merge pull request #440 from actions/joshmgross/v7.0.1
  • b7fb200 Update version to 7.0.1
  • 12e22ed Merge pull request #439 from actions/joshmgross/avoid-setting-base-url
  • d319f8f Avoid setting baseUrl to undefined when input is not provided
  • e69ef54 Merge pull request #425 from actions/joshmgross/node-20
  • ee0914b Update licenses
  • d6fc56f Use @types/node for Node 20
  • 384d6cf Fix quotations in tests
  • 8472492 Only validate GraphQL previews
  • 84903f5 Remove node-fetch from type
  • Additional commits viewable in compare view

Updates tspascoal/get-user-teams-membership from 1 to 3

Release notes

Sourced from tspascoal/get-user-teams-membership's releases.

3.0.0

What's Changed

Full Changelog: tspascoal/get-user-teams-membership@v2...v3.0.0

v2.1.0

What's Changed

Features

Dependency Updates

New Contributors

Full Changelog: tspascoal/get-user-teams-membership@v2...v2.1.0

v2.0.0

What's Changed

This version a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

New Contributors

Full Changelog: tspascoal/get-user-teams-membership@v1...v2.0.0

v1.0.4

Upgraded dependendencies

Upgrade @​actions/core and @​actions/github

V1.0.3

What has changed.

  • Update dependencies

v1.0.2

What's Changed

... (truncated)

Commits
  • 57e9f42 Merge pull request #21 from tspascoal/tspascoal/upgrade-action-node20
  • 6c688f6 Update readme example to use v3
  • b3d3f07 Upgrade to node 20
  • fc95949 Add devcontainer for node 20
  • ba78054 Merge pull request #20 from tspascoal/prepare-release-2-1-0
  • bc09997 Update dist code to prepare for 2.1.0 release
  • 81150cc Merge pull request #17 from binayabaral/master
  • f53c98a Minor improvement. Trim individual team names on team input
  • faf66e7 Merge pull request #19 from tspascoal/dependabot/npm_and_yarn/vercel/ncc-0.38.0
  • fa9bf79 Merge pull request #18 from tspascoal/dependabot/npm_and_yarn/actions/core-1....
  • Additional commits viewable in compare view

Updates actions/setup-python from 2 to 5

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py

Besides, the release contains such changes as:

New Contributors

Full Changelog: actions/setup-python@v4...v4.8.0

v4.7.1

What's Changed

Full Changelog: actions/setup-python@v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).

      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table>

... (truncated)

Commits
  • 8d9ed9a Add e2e Testing for free threaded and Bump @​action/cache from 4.0.0 to 4.0.3 ...
  • 19e4675 Add support for .tool-versions file in setup-python (#1043)
  • 6fd11e1 Bump @​actions/glob from 0.4.0 to 0.5.0 (#1015)
  • 9e62be8 Support free threaded Python versions like '3.13t' (#973)
  • 6ca8e85 Bump @​vercel/ncc from 0.38.1 to 0.38.3 (#1016)
  • 8039c45 fix: install PyPy on Linux ARM64 (#1011)
  • 4237552 Improve Advanced Usage examples (#645)
  • 709bfa5 Bump requests from 2.24.0 to 2.32.2 in /tests/data (#1019)
  • ceb20b2 Bump @​actions/http-client from 2.2.1 to 2.2.3 (#1020)
  • 0dc2d2c Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1014)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-actions group across 1 directory with 7 updates
356b107 
Bumps the github-actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [thollander/actions-comment-pull-request](https://github.com/thollander/actions-comment-pull-request) | `1` | `3` |
| [actions/checkout](https://github.com/actions/checkout) | `2` | `4` |
| [anchore/scan-action](https://github.com/anchore/scan-action) | `3` | `6` |
| [actions/setup-node](https://github.com/actions/setup-node) | `3` | `4` |
| [actions/github-script](https://github.com/actions/github-script) | `6` | `7` |
| [tspascoal/get-user-teams-membership](https://github.com/tspascoal/get-user-teams-membership) | `1` | `3` |
| [actions/setup-python](https://github.com/actions/setup-python) | `2` | `5` |



Updates `thollander/actions-comment-pull-request` from 1 to 3
- [Release notes](https://github.com/thollander/actions-comment-pull-request/releases)
- [Commits](thollander/actions-comment-pull-request@v1...v3)

Updates `actions/checkout` from 2 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v2...v4)

Updates `anchore/scan-action` from 3 to 6
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md)
- [Commits](anchore/scan-action@v3...v6)

Updates `actions/setup-node` from 3 to 4
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v3...v4)

Updates `actions/github-script` from 6 to 7
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v6...v7)

Updates `tspascoal/get-user-teams-membership` from 1 to 3
- [Release notes](https://github.com/tspascoal/get-user-teams-membership/releases)
- [Commits](tspascoal/get-user-teams-membership@v1...v3)

Updates `actions/setup-python` from 2 to 5
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v2...v5)

---
updated-dependencies:
- dependency-name: thollander/actions-comment-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: anchore/scan-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: tspascoal/get-user-teams-membership
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Mar 30, 2025

Reviewers

The following teams could not be added as reviewers: observablt-ci, observablt-ci-contractors. Either they do not exist or they do not have the correct permissions to be added as a reviewer.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 30, 2025
@mergify Mergify
Copy link

mergify bot commented Mar 30, 2025

This pull request does not have a backport label. Could you fix it @dependabot[bot]? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

  • backport-8./d is the label to automatically backport to the 8./d branch. /d is the digit.
  • backport-8.x is the label to automatically backport to the 8.x branch.
  • If no backport is necessary, please add the backport-skip label

@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Mar 31, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 31, 2025
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-fcfc7e62d6 branch March 31, 2025 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants