deps(gha): bump the github-actions group with 5 updates by dependabot[bot] · Pull Request #64 · comppolicylab/pingpong-study

dependabot · 2026-04-06T19:49:45Z

Bumps the github-actions group with 5 updates:

Package	From	To
anthropics/claude-code-action	`1.0.82`	`1.0.89`
iarekylew00t/verified-bot-commit	`2.2.0`	`2.2.2`
astral-sh/setup-uv	`7.6.0`	`8.0.0`
aws-actions/configure-aws-credentials	`b1257c400167d727708335212f95607835cd03fd`	`dc64d283718fb89ace3839da443b41ded26d2612`
aws-actions/amazon-ecr-login	`a6f26d4dac281724664e992240eebeb7469b9154`	`f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78`

Updates anthropics/claude-code-action from 1.0.82 to 1.0.89

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.89

What's Changed

fix: skip token revocation when no token was acquired by @Dave-London in anthropics/claude-code-action#918

Use env vars for workflow_run context values in example workflows by @ddworken in anthropics/claude-code-action#1125

docs: document include/exclude_comments_by_actor inputs by @yuribodo in anthropics/claude-code-action#1130

fix: use correct fallback type for reviewData in fetcher by @MaxwellCalkin in anthropics/claude-code-action#1034

Strip OIDC token request env vars from Claude session by @chyipin in anthropics/claude-code-action#1011

fix: skip retries for non-retryable errors in retryWithBackoff by @ei-grad in anthropics/claude-code-action#1082

fix: restore ripgrep execute bits after bun install --production by @qozle in anthropics/claude-code-action#1163

fix: allow # in branch names for PR checkout and base restore by @qozle in anthropics/claude-code-action#1167

fix: prevent hang in restoreConfigFromBase on repos with .gitmodules by @qozle in anthropics/claude-code-action#1166

fix: strip shell comment lines before parsing claude_args by @VoidChecksum in anthropics/claude-code-action#1055

fix: snapshot PR's .claude/ to .claude-pr/ before security restore by @qozle in anthropics/claude-code-action#1172

chore: fix prettier formatting by @ashwin-ant in anthropics/claude-code-action#1171

chore: fix prettier formatting in parse-sdk-options.test.ts by @ashwin-ant in anthropics/claude-code-action#1176

fix: pin bun runtime config and improve log hygiene by @ashwin-ant in anthropics/claude-code-action#1174

New Contributors

@yuribodo made their first contribution in anthropics/claude-code-action#1130

@MaxwellCalkin made their first contribution in anthropics/claude-code-action#1034

@chyipin made their first contribution in anthropics/claude-code-action#1011

@ei-grad made their first contribution in anthropics/claude-code-action#1082

@qozle made their first contribution in anthropics/claude-code-action#1163

@VoidChecksum made their first contribution in anthropics/claude-code-action#1055

Full Changelog: anthropics/claude-code-action@v1...v1.0.89

v1.0.88

Full Changelog: anthropics/claude-code-action@v1...v1.0.88

v1.0.87

Full Changelog: anthropics/claude-code-action@v1...v1.0.87

v1.0.86

What's Changed

Fix subprocess isolation install step not running by @OctavianGuzu in anthropics/claude-code-action#1148

Pass env to execFileSync git calls by @OctavianGuzu in anthropics/claude-code-action#1151

Full Changelog: anthropics/claude-code-action@v1...v1.0.86

v1.0.85

What's Changed

fix: fall back to repo default_branch instead of hardcoded "main" by @ashwin-ant in anthropics/claude-code-action#1143

Full Changelog: anthropics/claude-code-action@v1...v1.0.85

v1.0.84

What's Changed

... (truncated)

Commits

6e2bd52 fix: pin bun runtime config and improve log hygiene (#1174)
3534c32 chore: fix prettier formatting in parse-sdk-options.test.ts (#1176)
6685b26 chore: fix prettier formatting (#1171)
5150ea9 fix: snapshot PR's .claude/ to .claude-pr/ before security restore (#1172)
eb8baa4 fix: strip shell comment lines before parsing claude_args (#1055)
f328a5c fix: prevent hang in restoreConfigFromBase on repos with .gitmodules (#1166)
b15d475 fix: allow # in branch names for PR checkout and base restore (#1167)
d5db820 fix: restore ripgrep execute bits after bun install --production (#1163)
d8af4e9 fix: skip retries for non-retryable errors in retryWithBackoff (#1082)
f37c786 Strip OIDC token request env vars from Claude session (#1011)
Additional commits viewable in compare view

Updates iarekylew00t/verified-bot-commit from 2.2.0 to 2.2.2

Release notes

Sourced from iarekylew00t/verified-bot-commit's releases.

v2.2.2

What's Changed

🏗️ Dependencies

build(deps-dev): Bump the npm-development group with 2 updates by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#321

build(deps): Bump github/codeql-action from 4.34.1 to 4.35.1 in the actions group by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#320

build(deps): Bump minimatch from 10.2.4 to 10.2.5 in the npm-production group across 1 directory by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#323

build(deps-dev): Bump ts-jest from 29.4.6 to 29.4.9 in the npm-development group by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#324

Full Changelog: IAreKyleW00t/verified-bot-commit@v2.2.1...v2.2.2

v2.2.1

What's Changed

🏗️ Dependencies

build(deps-dev): Bump the npm-development group with 3 updates by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#313

build(deps): Bump github/codeql-action from 4.33.0 to 4.34.1 in the actions group by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#312

build(deps-dev): Bump eslint-plugin-jest from 29.15.0 to 29.15.1 in the npm-development group by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#316

build(deps-dev): Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#317

build(deps-dev): Bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#318

build(deps-dev): Bump brace-expansion from 1.1.12 to 1.1.13 by @dependabot[bot] in IAreKyleW00t/verified-bot-commit#319

Full Changelog: IAreKyleW00t/verified-bot-commit@v2.2.0...v2.2.1

Commits

4aeee09 chore: Bumping version to v2.2.2
32c6d8f build(deps-dev): Bump ts-jest from 29.4.6 to 29.4.9 in the npm-development gr...
33fec29 build(deps): Bump minimatch from 10.2.4 to 10.2.5 in the npm-production group...
0f5e526 build(deps): Bump github/codeql-action from 4.34.1 to 4.35.1 in the actions g...
87cc679 build(deps-dev): Bump the npm-development group with 2 updates (#321)
bbc32e6 chore: Using github-bot for releases
70e8fca chore: Locking down version tags and releases
934fa64 chore: Bumping version to v2.2.1
11d8d47 build(deps-dev): Bump brace-expansion from 1.1.12 to 1.1.13 (#319)
4292cc8 build(deps-dev): Bump handlebars from 4.7.8 to 4.7.9 (#318)
Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.6.0 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

Remove update-major-minor-tags workflow @eifinger (#826)

Remove deprecrated custom manifest @eifinger (#813)

🧰 Maintenance

Shortcircuit latest version from manifest @eifinger (#828)

Simplify inputs.ts @eifinger (#827)

Bump release-drafter to v7.1.1 @eifinger (#825)

Refactor inputs @eifinger (#823)

Replace inline compile args with tsconfig @eifinger (#824)

chore: update known checksums for 0.11.2 @github-actions[bot] (#821)

chore: update known checksums for 0.11.1 @github-actions[bot] (#817)

chore: update known checksums for 0.11.0 @github-actions[bot] (#815)

Fix latest-version workflow check @eifinger (#812)

chore: update known checksums for 0.10.11/0.10.12 @github-actions[bot] (#811)

Commits

cec2083 Shortcircuit latest version from manifest (#828)
4dd8ab4 Simplify inputs.ts (#827)
7fdbe7c Remove update-major-minor-tags workflow (#826)
485abd0 Bump release-drafter to v7.1.1 (#825)
f82eb19 Refactor inputs (#823)
868d1f7 Replace inline compile args with tsconfig (#824)
447e6d0 chore: update known checksums for 0.11.2 (#821)
5c62c59 chore: update known checksums for 0.11.1 (#817)
e1a7373 chore: update known checksums for 0.11.0 (#815)
8970931 Remove deprecrated custom manifest (#813)
Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from b1257c400167d727708335212f95607835cd03fd to dc64d283718fb89ace3839da443b41ded26d2612

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Update action to use node24 (#1632) (a7a2c11)

Features

add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

5.1.1 (2025-11-24)

Miscellaneous Chores

release 5.1.1 (56d6a58)

5.1.0 (2025-10-06)

Features

Add global timeout support (#1487) (1584b8b)

add no-proxy support (#1482) (dde9b22)

Improve debug logging in retry logic (#1485) (97ef425)

Bug Fixes

properly expose getProxyForUrl (introduced in #1482) (#1486) (cea4298)

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

add skip OIDC option (#1458) (8c45f6b)

... (truncated)

Commits

dc64d28 chore(deps-dev): bump lodash from 4.17.23 to 4.18.1 (#1720)
bc0a50a chore: Update dist
9ea6412 chore(deps): bump proxy-agent from 6.5.0 to 7.0.0 (#1686)
0a87594 chore: Update dist
a7f0c82 feat: Support usage of AWS Profiles (#1696)
e6bb6e5 chore: add text to CONTRIBUTING.md (#1719)
11b1c58 feat: add skip cleanup option (#1716)
51635db chore: Update dist
8d0763f chore(deps): bump @aws-sdk/client-sts from 3.1015.0 to 3.1020.0 (#1710)
563c600 chore: Update dist
Additional commits viewable in compare view

Updates aws-actions/amazon-ecr-login from a6f26d4dac281724664e992240eebeb7469b9154 to f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78

Changelog

Sourced from aws-actions/amazon-ecr-login's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.1.2 (2026-04-01)

2.1.1 (2026-03-24)

Bug Fixes

prefer explicit env var credentials over Pod Identity (#953) (ecbbdc7)

2.1.0 (2026-03-19)

Features

Add EKS Pod Identity support to Amazon ECR login action (#624, #735) (#740) (dcb4c27)

2.0.2 (2026-03-13)

Bug Fixes

Upgrade import syntax to ES Modules (#889) (0edf37c)

2.0.1 (2023-10-02)

2.0.0 (2023-10-02)

⚠ BREAKING CHANGES

The default value of the 'mask-password' input has been updated from false to true.

Treat maskPassword as false only if explicitly set to false

Add new-v2-release to README

Features

release v2 (#520) (d71acaf)

1.7.0 (2023-08-09)

Features

provide input to optionally mask output docker password (#491) (98f33d2)

... (truncated)

Commits

f2e9fc6 chore(release): 2.1.2
b5362e1 chore(deps-dev): bump eslint from 10.0.3 to 10.1.0 (#964)
2096e5c chore: Update dist (#984)
ae31c19 chore(deps): bump @aws-sdk/client-ecr from 3.1018.0 to 3.1021.0 (#977)
f63ff6a chore(deps): bump @aws-sdk/credential-providers (#978)
5b22aa2 chore: Update dist (#980)
887bd54 chore(deps): bump @aws-sdk/client-ecr-public from 3.1016.0 to 3.1021.0 (#976)
a080f59 chore: Update dist (#974)
220b1c6 chore(deps): bump @aws-sdk/client-ecr from 3.1011.0 to 3.1016.0 (#966)
9e34c94 chore(deps): bump @aws-sdk/credential-providers (#965)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

greptile-apps · 2026-04-06T19:49:48Z

PR author is in the excluded authors list.

Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.82` | `1.0.89` | | [iarekylew00t/verified-bot-commit](https://github.com/iarekylew00t/verified-bot-commit) | `2.2.0` | `2.2.2` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.6.0` | `8.0.0` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `b1257c400167d727708335212f95607835cd03fd` | `dc64d283718fb89ace3839da443b41ded26d2612` | | [aws-actions/amazon-ecr-login](https://github.com/aws-actions/amazon-ecr-login) | `a6f26d4dac281724664e992240eebeb7469b9154` | `f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78` | Updates `anthropics/claude-code-action` from 1.0.82 to 1.0.89 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](anthropics/claude-code-action@88c168b...6e2bd52) Updates `iarekylew00t/verified-bot-commit` from 2.2.0 to 2.2.2 - [Release notes](https://github.com/iarekylew00t/verified-bot-commit/releases) - [Commits](IAreKyleW00t/verified-bot-commit@e5a15a0...4aeee09) Updates `astral-sh/setup-uv` from 7.6.0 to 8.0.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@37802ad...cec2083) Updates `aws-actions/configure-aws-credentials` from b1257c400167d727708335212f95607835cd03fd to dc64d283718fb89ace3839da443b41ded26d2612 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@b1257c4...dc64d28) Updates `aws-actions/amazon-ecr-login` from a6f26d4dac281724664e992240eebeb7469b9154 to f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 - [Release notes](https://github.com/aws-actions/amazon-ecr-login/releases) - [Changelog](https://github.com/aws-actions/amazon-ecr-login/blob/main/CHANGELOG.md) - [Commits](aws-actions/amazon-ecr-login@a6f26d4...f2e9fc6) --- updated-dependencies: - dependency-name: anthropics/claude-code-action dependency-version: 1.0.89 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: iarekylew00t/verified-bot-commit dependency-version: 2.2.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: dc64d283718fb89ace3839da443b41ded26d2612 dependency-type: direct:production dependency-group: github-actions - dependency-name: aws-actions/amazon-ecr-login dependency-version: f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 6, 2026

dependabot bot force-pushed the dependabot/github_actions/github-actions-5499692f8b branch from dcad924 to b53edb9 Compare April 6, 2026 22:05

ekassos approved these changes Apr 6, 2026

View reviewed changes

ekassos merged commit 55fee8b into main Apr 6, 2026
6 checks passed

ekassos deleted the dependabot/github_actions/github-actions-5499692f8b branch April 6, 2026 22:16

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

deps(gha): bump the github-actions group with 5 updates#64

deps(gha): bump the github-actions group with 5 updates#64
ekassos merged 1 commit intomainfrom
dependabot/github_actions/github-actions-5499692f8b

dependabot bot commented on behalf of github Apr 6, 2026 •

edited

Loading

Uh oh!

greptile-apps bot commented Apr 6, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 6, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v1.0.89

What's Changed

New Contributors

v1.0.88

v1.0.87

v1.0.86

What's Changed

v1.0.85

What's Changed

v1.0.84

What's Changed

v2.2.2

What's Changed

🏗️ Dependencies

v2.2.1

What's Changed

🏗️ Dependencies

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

New format for manifest-file

No more major and minor tags

🚨 Breaking changes

🧰 Maintenance

Changelog

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

5.1.1 (2025-11-24)

Miscellaneous Chores

5.1.0 (2025-10-06)

Features

Bug Fixes

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

Features

Changelog

2.1.2 (2026-04-01)

2.1.1 (2026-03-24)

Bug Fixes

2.1.0 (2026-03-19)

Features

2.0.2 (2026-03-13)

Bug Fixes

2.0.1 (2023-10-02)

2.0.0 (2023-10-02)

⚠ BREAKING CHANGES

Features

1.7.0 (2023-08-09)

Features

Uh oh!

greptile-apps bot commented Apr 6, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Apr 6, 2026 •

edited

Loading

This is the first immutable release of `setup-uv` 🥳

New format for `manifest-file`