Bump the actions group across 1 directory with 8 updates

[dependabot]

Bumps the actions group with 8 updates in the / directory:

Package	From	To
actions/checkout	4	5
Swatinem/rust-cache	2.7.8	2.8.0
actions/download-artifact	4	5
dtolnay/rust-toolchain	b3b07ba8b418998c39fb20f53e8b695cdcc8de1b	e97e2d8cc328f1b50210efc529dca0028893a2d9
crate-ci/typos	1.31.2	1.35.7
actions/upload-pages-artifact	3	4
mikefarah/yq	4.45.1	4.47.1
slackapi/slack-github-action	2.0.0	2.1.1

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236
• Prepare release v4.3.0 by @​salmanmkc in actions/checkout#2237

New Contributors

• @​motss made their first contribution in actions/checkout#1971
• @​mouismail made their first contribution in actions/checkout#1977
• @​benwells made their first contribution in actions/checkout#2043
• @​nebuk89 made their first contribution in actions/checkout#2194
• @​salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

• 08c6903 Prepare v5.0.0 release (#2238)
• 9f26565 Update actions checkout to use node 24 (#2226)
• See full diff in compare view

Updates Swatinem/rust-cache from 2.7.8 to 2.8.0

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.8.0

What's Changed

• Add cache-workspace-crates feature by @​jbransen in Swatinem/rust-cache#246
• Feat: support warpbuild cache provider by @​stegaBOB in Swatinem/rust-cache#247

New Contributors

• @​jbransen made their first contribution in Swatinem/rust-cache#246
• @​stegaBOB made their first contribution in Swatinem/rust-cache#247

Full Changelog: Swatinem/rust-cache@v2.7.8...v2.8.0

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.8.0

• Add support for warpbuild cache provider
• Add new cache-workspace-crates feature

2.7.8

• Include CPU arch in the cache key

2.7.7

• Also cache cargo install metadata

2.7.6

• Allow opting out of caching $CARGO_HOME/bin
• Add runner OS in cache key
• Adds an option to do lookup-only of the cache

2.7.5

• Support Cargo.lock format cargo-lock v4
• Only run macOsWorkaround() on macOS

2.7.3

• Work around upstream problem that causes cache saving to hang for minutes.

2.7.2

• Only key by Cargo.toml and Cargo.lock files of workspace members.

2.7.1

• Update toml parser to fix parsing errors.

2.7.0

• Properly cache trybuild tests.

2.6.2

• Fix toml parsing.

2.6.1

• Fix hash contributions of Cargo.lock/Cargo.toml files.

... (truncated)

Commits

• 98c8021 2.8.0
• 14d3bc3 update Changelog
• 52ea143 support warpbuild cache provider (#247)
• eaa85be Add cache-workspace-crates feature (#246)
• 901019c Update the test lockfiles
• See full diff in compare view

Updates actions/download-artifact from 4 to 5

Release notes

Sourced from actions/download-artifact's releases.

v5.0.0

What's Changed

• Update README.md by @​nebuk89 in actions/download-artifact#407
• BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @​GrantBirki in actions/download-artifact#416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

• By name: name: my-artifact → extracted to path/ (direct)
• By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

• By name: name: my-artifact → extracted to path/ (unchanged)
• By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

• You download artifacts by name
• You download multiple artifacts by ID
• You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist
# Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

</tr></table> 

... (truncated)

Commits

• 634f93c Merge pull request #416 from actions/single-artifact-id-download-path
• b19ff43 refactor: resolve download path correctly in artifact download tests (mainly ...
• e262cbe bundle dist
• bff23f9 update docs
• fff8c14 fix download path logic when downloading a single artifact by id
• 448e3f8 Merge pull request #407 from actions/nebuk89-patch-1
• 47225c4 Update README.md
• See full diff in compare view

Updates dtolnay/rust-toolchain from b3b07ba8b418998c39fb20f53e8b695cdcc8de1b to e97e2d8cc328f1b50210efc529dca0028893a2d9

Commits

• e97e2d8 Update actions/checkout@v4 -> v5
• 3bd6ba1 Merge pull request #168 from dtolnay/sed
• 0185c06 Fix update-revs.sh to recognize only the intended required: true
• 350b817 Merge pull request #166 from dtolnay/fix1
• 6ded28b Try without comment?
• cc2784c Merge pull request #165 from dtolnay/fix2
• f6642a8 Try without backtick?
• 5ee21dc Merge pull request #162 from dtolnay/pin
• ed196ec Add note about full-length SHA
• 57e4097 Update example version number to a recent one
• Additional commits viewable in compare view

Updates crate-ci/typos from 1.31.2 to 1.35.7

Release notes

Sourced from crate-ci/typos's releases.

v1.35.7

[1.35.7] - 2025-08-29

Documentation

• Expand PyPI metadata

v1.35.6

[1.35.6] - 2025-08-28

Fixes

• Track go.mod as a golang file (regression from 1.13.21)

v1.35.5

[1.35.5] - 2025-08-18

Fixes

• Fix typo in correction to accidently
• Fix typo in correction to dynamincally
• Fix typo in correction to interruptability
• Fix typo in correction to interruptability
• Fix typo in correction to messager
• Fix typo in correction to preferables
• Fix typo in correction to producibles
• Fix typo in correction to restauranteur
• Fix typo in correction to restauranteurs
• Fix typo in correction to searialize
• Fix typo in correction to somethin
• Fix typo in correction to unaccessible
• Fix typo in correction to unnesessarily

v1.35.4

[1.35.4] - 2025-08-12

Fixes

• Fix typo in correction to exctracting

v1.35.3

[1.35.3] - 2025-08-08

Fixes

• Don't correct ratatui in Rust files

v1.35.2

[1.35.2] - 2025-08-07

... (truncated)

Changelog

Sourced from crate-ci/typos's changelog.

[1.35.7] - 2025-08-29

Documentation

• Expand PyPI metadata

[1.35.6] - 2025-08-28

Fixes

• Track go.mod as a golang file (regression from 1.13.21)

[1.35.5] - 2025-08-18

Fixes

• Fix typo in correction to accidently
• Fix typo in correction to dynamincally
• Fix typo in correction to interruptability
• Fix typo in correction to interruptability
• Fix typo in correction to messager
• Fix typo in correction to preferables
• Fix typo in correction to producibles
• Fix typo in correction to restauranteur
• Fix typo in correction to restauranteurs
• Fix typo in correction to searialize
• Fix typo in correction to somethin
• Fix typo in correction to unaccessible
• Fix typo in correction to unnesessarily

[1.35.4] - 2025-08-12

Fixes

• Fix typo in correction to exctracting

[1.35.3] - 2025-08-08

Fixes

• Don't correct ratatui in Rust files

[1.35.2] - 2025-08-07

Fixes

• Don't correct unmarshaling

[1.35.1] - 2025-08-04

... (truncated)

Commits

• 65f69f0 chore: Release
• 89068b4 docs: Update changelog
• ce10367 Merge pull request #1367 from Mr-Sunglasses/feat/pyproject
• e2419ab feat: Add more metadata about the project for PyPi
• 87d57f0 chore: Release
• eceb802 chore: Don't change the screenshot
• 8ccff0f docs: Update changelog
• e7e8a1a Merge pull request #1365 from epage/go
• ed669e8 fix: Revert "fix: ignore go.mod by default"
• 9c80e63 Merge pull request #1362 from szepeviktor/szepeviktor-patch-1
• Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 3 to 4

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

• Potentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by @​tsusdere in actions/upload-pages-artifact#102 If you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation
• Pin actions/upload-artifact to SHA by @​heavymachinery in actions/upload-pages-artifact#127

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

• Group tar's output to prevent it from messing up action logs @​SilverRainZ (#94)
• Update README.md @​uiolee (#88)
• Bump the non-breaking-changes group with 1 update @​dependabot (#92)
• Update Dependabot config to group non-breaking changes @​JamesMGreene (#91)
• Bump actions/checkout from 3 to 4 @​dependabot (#76)

See details of all code changes since previous release.

Commits

• 7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
• 4cc19c7 Pin actions/upload-artifact to SHA
• 2d163be Merge pull request #107 from KittyChiu/main
• c704843 fix: linted README
• 9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
• e59cdfe Update README.md
• a2d6704 doc: updated usage section in readme
• 984864e Merge pull request #105 from actions/Jcambass-patch-1
• 45dc788 Add workflow file for publishing releases to immutable action package
• efaad07 Merge pull request #102 from actions/hidden-files
• Additional commits viewable in compare view

Updates mikefarah/yq from 4.45.1 to 4.47.1

Release notes

Sourced from mikefarah/yq's releases.

v4.47.1 - Merge Anchor fixes (with flag)

• Fixed merge anchor behaviour (<<); #2404, #2110, #2386, #2178 Huge thanks to @​stevenwdv! Note that you will need to set --yaml-fix-merge-anchor-to-spec to see the fixes
• Fixed panic for syntax error when creating a map #2423
• Bumped dependencies

v4.46.1 - INI support + bug fixes

• Added INI support
• Fixed 'add' operator when piped in with no data #2378, #2383, #2384
• Fixed delete after slice problem (bad node path) #2387 Thanks @​antoinedeschenes
• Fixed yq small build Thanks @​imzue
• Switched to YAML org supported go-yaml!
• Bumped dependencies

v4.45.4 - Fixing wrong map() behaviour on empty map

• Fixing wrong map() behaviour on empty map #2359
• Bumped dependencies

v4.45.3 - Fixes regression bug(s)

• Fixing regression (#2353, #2359, #2325) introduced with in 4.45.2 with #2325 fix
• Bumped dependencies

Sorry for the regression folks! 😓 fwiw I have since added automated tests to capture the scenarios provided in the regression bug tickets

v4.45.2

• Added windows arm builds (Thanks @​albertocavalcante, @​ShukantPal)
• Added s390x platform support (Thanks @​ashokpariya0)
• Additionally push docker images to ghcr.io (Thanks @​reegnz)
• Fixing add when there is no node match #2325
• sort_by works on maps
• Bumped dependencies

Changelog

Sourced from mikefarah/yq's changelog.

4.47.1:

• Fixed merge anchor behaviour (<<); #2404, #2110, #2386, #2178 Huge thanks to @​stevenwdv! Note that you will need to set --yaml-fix-merge-anchor-to-spec to see the fixes
• Fixed panic for syntax error when creating a map #2423
• Bumped dependencies

4.46.1:

• Added INI support
• Fixed 'add' operator when piped in with no data #2378, #2383, #2384
• Fixed delete after slice problem (bad node path) #2387 Thanks @​antoinedeschenes
• Fixed yq small build Thanks @​imzue
• Switched to YAML org supported go-yaml!
• Bumped dependencies

4.45.4:

• Fixing wrong map() behaviour on empty map #2359
• Bumped dependencies

4.45.3:

• Fixing regression introduced with in 4.45.2 with #2325 fix 😓 sorry folks!
• Bumped dependencies

4.45.2:

• Added windows arm builds (Thanks @​albertocavalcante, @​ShukantPal)
• Added s390x platform support (Thanks @​ashokpariya0)
• Additionally push docker images to ghcr.io (Thanks @​reegnz)
• Fixing add when there is no node match #2325
• sort_by works on maps
• Bumped dependencies

4.45.1:

• Create parent directories when --split-exp is used, Thanks @​rudo-thomas
• Bumped dependencies

4.44.6:

• Fixed deleting items in array bug #2027, #2172; Thanks @​jandubois
• Docker image for armv7 / raspberry pi3, Thanks @​brianegge
• Fixed no-colors regression #2218
• Fixed various panic scenarios #2211
• Bumped dependencies

4.44.5:

• Fixing release pipeline

4.44.4:

• Format comments with a gray foreground (Thanks @​gabe565)
• Fixed handling of nulls with sort_by expressions #2164
• Force no color output when NO_COLOR env presents (Thanks @​narqo)
• Fixed array subtraction update bug #2159

... (truncated)

Commits

• f03c9dc Bumping version
• 023c85e Adding test for #2404
• a3d9e01 Prepping release notes
• ab3be22 Bump github.com/spf13/pflag from 1.0.6 to 1.0.7
• 93fed3f Bump golang.org/x/net from 0.41.0 to 0.42.0
• f42534e Bump github.com/alecthomas/repr from 0.4.0 to 0.5.1
• b968963 Merge branch 'stevenwdv-merge-anchor-fix'
• 92309b1 Fixed test doc gen
• d5757fc Working on clarifying docs
• db2a455 Fixed tests
• Additional commits viewable in compare view

Updates slackapi/slack-github-action from 2.0.0 to 2.1.1

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack Send v2.1.1

What's Changed

This release fixes an issue where substituted variables might've broken valid JSON or YAML parsings when using the payload-file-path input option.

🐛 Bug fixes

• fix: parse provided payloads before replacing templated variables in slackapi/slack-github-action#449 - Thanks @​zimeg!

📚 Documentation

• docs: fix channel mention formatting in slackapi/slack-github-action#447 - Thanks @​mwbrooks!
• docs: remove links to pages that are no longer referenced in markdown in slackapi/slack-github-action#459 - Thanks @​zimeg!

🤖 Dependencies

• build(deps): bump undici from 5.28.5 to 5.29.0 in slackapi/slack-github-action#442 - Thanks @​dependabot!
• build(deps): bump codecov/codecov-action from 5.4.2 to 5.4.3 in slackapi/slack-github-action#443 - Thanks @​dependabot!
• build(deps-dev): bump mocha from 11.1.0 to 11.5.0 in slackapi/slack-github-action#450 - Thanks @​dependabot!
• build(deps): bump @​actions/github from 6.0.0 to 6.0.1 in slackapi/slack-github-action#451 - Thanks @​dependabot!
• build(deps-dev): bump @​types/node from 22.15.3 to 22.15.29 in slackapi/slack-github-action#452 - Thanks @​dependabot!
• build(deps): bump @​slack/web-api from 7.9.1 to 7.9.2 in slackapi/slack-github-action#453 - Thanks @​dependabot!
• build(deps): bump @​slack/web-api from 7.9.2 to 7.9.3 in slackapi/slack-github-action#462 - Thanks @​dependabot!
• build(deps): bump axios from 1.9.0 to 1.10.0 in slackapi/slack-github-action#465 - Thanks @​dependabot!
• build(deps-dev): bump @​types/node from 22.15.29 to 24.0.3 in slackapi/slack-github-action#466 - Thanks @​dependabot!
• build(deps-dev): bump mocha from 11.5.0 to 11.7.1 in slackapi/slack-github-action#468 - Thanks @​dependabot!
• build(deps-dev): bump mocha-suppress-logs from 0.5.1 to 0.6.0 in slackapi/slack-github-action#469 - Thanks @​dependabot!
• build(deps-dev): bump sinon from 20.0.0 to 21.0.0 in slackapi/slack-github-action#471 - Thanks @​dependabot!
• build(deps-dev): bump @​types/node from 24.0.3 to 24.0.8 in slackapi/slack-github-action#472 - Thanks @​dependabot!
• build(deps-dev): bump @​biomejs/biome from 1.9.4 to 2.0.6 in slackapi/slack-github-action#470 - Thanks @​dependabot!

🧰 Maintenance

• ci: pin action hashes and escape variables with minimum permission in slackapi/slack-github-action#441 - Thanks @​zimeg!
• build: create separate release branches for tagged releases on publish in slackapi/slack-github-action#457 - Thanks @​zimeg!
• build: clone repository "docs" and configuration when syncing project docs in slackapi/slack-github-action#467 - Thanks @​lukegalbraithrussell!
• chore(release): tag version 2.1.1 in slackapi/slack-github-action#474 - Thanks @​zimeg!

Full Changelog: slackapi/slack-github-action@v2.1.0...v2.1.1

Slack Send v2.1.0

What's changed

This release improves error messages from odd payload parsings. An api option is now also available in inputs to change the destination of data with the method technique.

Read more on the new site for documentation: https://tools.slack.dev/slack-github-action/

👾 Enhancements

• feat: include an 'api' option to customize the slack api method url in slackapi/slack-github-action#409 - Thanks @​zimeg!

... (truncated)

Commits

• 91efab1 Release
• b6f4640 chore(release): tag version 2.1.1 (#474)
• d3dc61e build(deps-dev): bump @​biomejs/biome from 1.9.4 to 2.0.6 (#470)
• f647c89 build(deps-dev): bump @​types/node from 24.0.3 to 24.0.8 (#472)
• e6fa633 build(deps-dev): bump sinon from 20.0.0 to 21.0.0 (#471)
• 75b7822 build(deps-dev): bump mocha-suppress-logs from 0.5.1 to 0.6.0 (#469)
• d7b6150 build(deps-dev): bump mocha from 11.5.0 to 11.7.1 (#468)
• a7f5b68 build: clone repository "docs" and configuration when syncing project docs (#...
• c69deab build(deps-dev): bump @​types/node from 22.15.29 to 24.0.3 (#466)
• 1d0943c build(deps): bump axios from 1.9.0 to 1.10.0 (#465)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[ksew1]

@dependabot rebase

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.