Skip to content

build: bump the github-actions group with 7 updates#1

Open
dependabot[bot] wants to merge 1 commit intodependabotchangesfrom
dependabot/github_actions/dependabotchanges/github-actions-58de32488b
Open

build: bump the github-actions group with 7 updates#1
dependabot[bot] wants to merge 1 commit intodependabotchangesfrom
dependabot/github_actions/dependabotchanges/github-actions-58de32488b

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 24, 2026

Bumps the github-actions group with 7 updates:

Package From To
actions/checkout 4 6
tj-actions/changed-files 47.0.0 47.0.4
actions/setup-dotnet 4 5
codfish/semantic-release-action 4 5
actions/setup-python 5 6
actions/upload-pages-artifact 3 4
actions/upload-artifact 4 6

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates tj-actions/changed-files from 47.0.0 to 47.0.4

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.4

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

v47.0.3

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.2...v47.0.3

v47.0.2

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.1...v47.0.2

v47.0.1

What's Changed

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.4 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.6 (#2801) (7dee1b0) - (Tonye Jack)

47.0.3 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.0 (#2800) (28b28f6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump github/codeql-action from 4.31.10 to 4.32.2 (#2790) (875e6e5) - (dependabot[bot])

47.0.2 - (2026-02-09)

🚀 Features

  • Add support for excluding symlinks and fix bug with commit not found (#2770) (8c4da28) - (Tonye Jack)

🐛 Bug Fixes

🔄 Update

  • Updated README.md (#2771)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (7d5bbf4) - (github-actions[bot])

  • Updated README.md (#2768)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (b3bb1f8) - (github-actions[bot])

  • Update README.md (c6a5847) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump actions/setup-node from 6.1.0 to 6.2.0 (#2766) (8cba46e) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.0.0 to 25.2.2 (#2793) (925972f) - (dependabot[bot])
  • deps: Bump @​stdlib/utils-convert-path from 0.2.2 to 0.2.3 (#2795) (a98754b) - (dependabot[bot])
  • deps: Bump actions/checkout from 6.0.1 to 6.0.2 (#2777) (9c13e73) - (dependabot[bot])
  • deps-dev: Bump @​types/lodash from 4.17.21 to 4.17.23 (#2759) (16d791c) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-jest from 29.11.0 to 29.12.1 (#2756) (8e056de) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.31.7 to 4.31.10 (#2761) (078e2bc) - (dependabot[bot])
  • Update matrix-example.yml (#2752) (2f2f6cf) - (Tonye Jack)
  • Update dist (#2769) (8262acc) - (Tonye Jack)
  • deps: Bump @​actions/core from 2.0.0 to 2.0.2 (#2757) (daf9d2d) - (dependabot[bot])

... (truncated)

Commits
  • 7dee1b0 update: release-tagger action to version 6.0.6 (#2801)
  • 28b28f6 update: release-tagger action to version 6.0.0 (#2800)
  • 875e6e5 chore(deps): bump github/codeql-action from 4.31.10 to 4.32.2 (#2790)
  • 8cba46e chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 (#2766)
  • 925972f chore(deps-dev): bump @​types/node from 25.0.0 to 25.2.2 (#2793)
  • a98754b chore(deps): bump @​stdlib/utils-convert-path from 0.2.2 to 0.2.3 (#2795)
  • 9c13e73 chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2777)
  • caee9d9 fix: Update test.yml (#2781)
  • 16d791c chore(deps-dev): bump @​types/lodash from 4.17.21 to 4.17.23 (#2759)
  • 8e056de chore(deps-dev): bump eslint-plugin-jest from 29.11.0 to 29.12.1 (#2756)
  • Additional commits viewable in compare view

Updates actions/setup-dotnet from 4 to 5

Release notes

Sourced from actions/setup-dotnet's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Updates

Bug Fixes

New Contributors

Full Changelog: actions/setup-dotnet@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/setup-dotnet@v4...v4.3.1

v4.3.0

What's Changed

New Contributors

... (truncated)

Commits
  • baa11fb Bump test dependencies to resolve System.Net.Http vulnerability, update workf...
  • 24ec4f2 Upgrade to latest actions packages (#687)
  • 4c100cb Fix icons (#604)
  • 25328d8 Bump actions/checkout from 5 to 6 (#684)
  • 937b8dd Update README with note on setting DOTNET_INSTALL_DIR for Linux permission is...
  • 2016bd2 Bump actions/publish-action from 0.3.0 to 0.4.0 and update macos-13 to macos-...
  • 21e81f6 Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (#648)
  • 7403103 Bump typescript from 5.4.2 to 5.9.2 (#624)
  • d4c9434 Update to Node.js 24 and modernize async usage (#654)
  • 5c125af Bump actions/checkout from 4 to 5 (#662)
  • Additional commits viewable in compare view

Updates codfish/semantic-release-action from 4 to 5

Release notes

Sourced from codfish/semantic-release-action's releases.

v5.0.0

5.0.0 (2026-02-08)

Features

  • upgrade deps, node, bump semantic-release to v25 (#231) (6abd188)

BREAKING CHANGES

  • @​semantic-release/github no longer consumes the GitHub Search API in the plugin.

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes
  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

... (truncated)

Changelog

Sourced from codfish/semantic-release-action's changelog.

v5.0.0 Release Notes Draft

Breaking Changes

Upgraded to semantic-release v25 with breaking changes in the GitHub plugin. Any breaking changes from v25 apply to this github action version except for Node version requirements. Because this is a docker-based github action, the version of node in use is defined inside of the docker image, not by the consuming runner or your code.

What Changed

  • @​semantic-release/github v12: The GitHub plugin no longer uses the GitHub Search API (/search/issues endpoint). It now uses GraphQL queries exclusively for issue retrieval. This architectural change may affect issue management in edge cases. See github plugin v12 release notes.

  • semantic-release v25: Upgraded from v24.2.7 to v25.0.3

    • @​semantic-release/npm upgraded to v13
    • @​semantic-release/commit-analyzer and @​semantic-release/release-notes-generator moved from beta to stable
    • Dependency updates (yargs v18, hosted-git-info v9)
    • See semantic-release v25 release notes
  • npm OIDC Trusted Publishing Support: The upgrade to @​semantic-release/npm v13 enables support for npm's new OIDC-based trusted publishing. This allows publishing to npm without long-lived access tokens by using GitHub's OIDC token provider. This is more secure and eliminates the need to store NPM_TOKEN as a repository secret when publishing from GitHub Actions. See npm documentation for configuration details.

  • Node.js: Upgraded to v24.13.0 (bundled in Docker, not a breaking change for users)

  • @​actions/core: Upgraded to v3.0.0 (internal implementation only)

Migration Steps

  1. Test in a separate branch first - the GitHub plugin's architectural change could affect issue management behavior
  2. Review semantic-release v25 changes
  3. Review @​semantic-release/github v12 changes
  4. Update your workflows to use @v5
  5. (Optional) Migrate to npm OIDC Trusted Publishing:
    • Configure your package on npmjs.com to enable trusted publishing from GitHub Actions
    • Add id-token: write permission to your workflow job
    • Remove the NPM_TOKEN secret (you won't need it anymore!)
    • See npm's trusted publishing guide

Version History

  • v5 uses semantic-release v25 & node v24.13.0
  • v4 uses semantic-release v24 & node v22.18.0

... (truncated)

Commits
  • 6abd188 feat: upgrade deps, node, bump semantic-release to v25 (#231)
  • 626240e ci: normalize branch name for docker pr images (#230)
  • ec8c36d ci: only update docker images if new release was published
  • 1d49992 Add renovate.json (#217)
  • 517b713 docs: update README with latest version
  • See full diff in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits
  • a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
  • bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
  • 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
  • 83679a8 Bump @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
  • bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
  • 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
  • 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
  • cfd55ca graalpy: add graalpy early-access and windows builds (#880)
  • bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
  • 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
  • Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 3 to 4

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

See details of all code changes since previous release.

Commits
  • 7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
  • 4cc19c7 Pin actions/upload-artifact to SHA
  • 2d163be Merge pull request #107 from KittyChiu/main
  • c704843 fix: linted README
  • 9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
  • e59cdfe Update README.md
  • a2d6704 doc: updated usage section in readme
  • 984864e Merge pull request #105 from actions/Jcambass-patch-1
  • 45dc788 Add workflow file for publishing releases to immutable action package
  • efaad07 Merge pull request #102 from actions/hidden-files
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4 to 6

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMP...

Description has been truncated

Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `47.0.0` | `47.0.4` |
| [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `4` | `5` |
| [codfish/semantic-release-action](https://github.com/codfish/semantic-release-action) | `4` | `5` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` |
| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `4` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `6` |


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `tj-actions/changed-files` from 47.0.0 to 47.0.4
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@24d32ff...7dee1b0)

Updates `actions/setup-dotnet` from 4 to 5
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@v4...v5)

Updates `codfish/semantic-release-action` from 4 to 5
- [Release notes](https://github.com/codfish/semantic-release-action/releases)
- [Changelog](https://github.com/codfish/semantic-release-action/blob/main/RELEASE_NOTES_V5.md)
- [Commits](codfish/semantic-release-action@v4...v5)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `actions/upload-pages-artifact` from 3 to 4
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@v3...v4)

Updates `actions/upload-artifact` from 4 to 6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: tj-actions/changed-files
  dependency-version: 47.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/setup-dotnet
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codfish/semantic-release-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-pages-artifact
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants