Skip to content

chore(deps): bump the github-actions group across 1 directory with 9 updates#851

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-860750c05c
Closed

chore(deps): bump the github-actions group across 1 directory with 9 updates#851
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-860750c05c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026
edited
Loading

Bumps the github-actions group with 9 updates in the / directory:

Package From To
actions/setup-node 6.3.0 6.4.0
actions/github-script 8.0.0 9.0.0
actions/cache 5.0.4 5.0.5
docker/build-push-action 7.0.0 7.1.0
actions/upload-artifact 4.4.3 7.0.1
actions/download-artifact 4.3.0 8.0.1
github/codeql-action 4.35.1 4.35.4
supabase/setup-cli 1.6.0 2.0.0
DavidAnson/markdownlint-cli2-action 23.0.0 23.2.0

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

Updates actions/github-script from 8.0.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

Updates actions/cache from 5.0.4 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

Updates docker/build-push-action from 7.0.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits
  • bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
  • 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 46580d2 chore: update generated content
  • 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
  • efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
  • ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
  • db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
  • ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
  • 2d8f2a1 chore: update generated content
  • 919ac7b fix test since secrets are not written to temp path anymore
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.4.3 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

... (truncated)

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

Updates github/codeql-action from 4.35.1 to 4.35.4

Release notes

Sourced from github/codeql-action's releases.

v4.35.4

  • Update default CodeQL bundle version to 2.25.4. #3881

v4.35.3

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865

v4.35.2

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823
Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

  • Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

  • Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
  • Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
  • Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
  • Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
  • Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar 2026

4.34.1 - 20 Mar 2026

  • Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

  • Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
  • We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
  • Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

  • Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

    To opt out of this change:

    • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

... (truncated)

Commits
  • 68bde55 Merge pull request #3885 from github/update-v4.35.4-803d9e8c3
  • 9739ad2 Update changelog for v4.35.4
  • 803d9e8 Merge pull request #3883 from github/mbg/test/macro-wrapper
  • 0fd9c7d Merge pull request #3882 from github/dependabot/github_actions/dot-github/wor...
  • 922d6fb Use makeMacro instead of test.macro
  • df77e87 Update test macro snippet
  • 6e3f985 Add wrapper for test.macro
  • e7a347d Merge pull request #3881 from github/update-bundle/codeql-bundle-v2.25.4
  • 17eabb2 Rebuild
  • aaef09c Bump ruby/setup-ruby
  • Additional commits viewable in compare view

Updates supabase/setup-cli from 1.6.0 to 2.0.0

Release notes

Sourced from supabase/setup-cli's releases.

v2.0.0

This major release refreshes the action internals, CI coverage, and release pipeline while keeping usage straightforward with uses: supabase/setup-cli@v2.

Highlights

  • Switched the action implementation to a composite action flow and modernized runtime/dependency setup.
  • Improved CLI version resolution: when version is omitted, the action now detects it from root lockfiles (bun.lock, pnpm-lock.yaml, package-lock.json) and falls back to latest.
  • Expanded validation with dedicated CI + E2E workflows and updated docs/examples around @v2.
  • Hardened repository automation and supply-chain posture (pinned actions, Dependabot workflow/policy updates, licensed workflow fixes).
  • Migrated away from old bundled distribution/test setup to a cleaner Bun-based project structure.

Maintenance updates

  • Dependency refreshes across Bun/TypeScript and GitHub Actions tooling.
  • Documentation and workflow cleanup for long-term maintainability.

Contributors

Thanks to everyone who contributed to this release:

Full changelog

36 commits between v1.6.0 and v2.0.0
Compare changes

Commits
  • df56b21 chore(deps-dev): bump the bun-minor-patch group with 2 updates (#419)
  • 6c93bde chore(deps-dev): bump @​types/bun from 1.3.11 to 1.3.12 in the bun-minor-patch...
  • 7fcab5b chore(deps-dev): bump @​typescript/native-preview from 7.0.0-dev.20260409.1 to...
  • 6081904 [codex] fix dependabot actions cooldown config (#414)
  • c099ad8 fix: auto-approval and refine dependabot policy (#412)
  • afb0a59 fix: await main function (#411)
  • 7fef86c fix: licensed workflow trigger (#413)
  • 337fb0d chore(deps-dev): bump @​typescript/native-preview from 7.0.0-dev.20260401.1 to...
  • 33d1b57 chore(deps-dev): bump the bun-development group with 3 updates (#408)
  • 24d47d8 chore(deps): bump ruby/setup-ruby from 1.299.0 to 1.300.0 in the actions-mino...
  • Additional commits viewable in compare view

Updates DavidAnson/markdownlint-cli2-action from 23.0.0 to 23.2.0

Commits
  • ded1f94 Update to version 23.2.0.
  • dc5dad9 Add 10-day cooldown period to Dependabot updates.
  • 64b1c6a Add package-lock.json for reproducible builds (fixes #362).
  • 6c62e06 Bump eslint-plugin-n from 17.24.0 to 18.0.0
  • 9b5720c Bump eslint from 10.2.1 to 10.3.0
  • 6b51ade Update to version 23.1.0.
  • ea6e0da Freshen generated index.js file.
  • 3c4c2c8 Bump markdownlint-cli2 from 0.22.0 to 0.22.1
  • 3a933d4 Bump @​actions/core from 3.0.0 to 3.0.1
  • 648042e Freshen generated index.js file.
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 30, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from wrsmith108 as a code owner April 30, 2026 21:35
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 30, 2026

E2E Test Results

E2E Test Results - April 30, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-04-30T21:55:12.179Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot changed the title chore(deps): Bump the github-actions group with 9 updates chore(deps): Bump the github-actions group across 1 directory with 9 updates May 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from 131da92 to 41925de Compare May 1, 2026 11:46
@vercel
Copy link
Copy Markdown

vercel Bot commented May 1, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
website Ready Ready Preview, Comment May 7, 2026 11:06pm

Request Review

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 1, 2026

E2E Test Results

E2E Test Results - May 1, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-01T12:02:14.127Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from 41925de to e4743f5 Compare May 2, 2026 04:17
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 2, 2026

E2E Test Results

E2E Test Results - May 2, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-02T04:30:00.159Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from e4743f5 to c86baaa Compare May 3, 2026 07:46
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 3, 2026

E2E Test Results

E2E Test Results - May 3, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-03T08:02:28.973Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from c86baaa to c6e9b7c Compare May 3, 2026 20:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 3, 2026

E2E Test Results

E2E Test Results - May 3, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-03T21:08:34.122Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from c6e9b7c to bdfcbe2 Compare May 4, 2026 00:29
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 4, 2026

E2E Test Results

E2E Test Results - May 4, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-04T00:41:25.027Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from bdfcbe2 to ef654f5 Compare May 4, 2026 21:26
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 4, 2026

E2E Test Results

E2E Test Results - May 4, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-04T21:38:24.111Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

E2E Test Results

E2E Test Results - May 7, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-07T01:23:54.880Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@wrsmith108
Copy link
Copy Markdown
Member

wrsmith108 commented May 7, 2026

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from 39419a5 to 12766ef Compare May 7, 2026 02:40
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

E2E Test Results

E2E Test Results - May 7, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-07T02:55:30.176Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from 12766ef to e7ce3a6 Compare May 7, 2026 03:09
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

E2E Test Results

E2E Test Results - May 7, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-07T03:23:05.523Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@wrsmith108 wrsmith108 mentioned this pull request May 7, 2026
Merged
3 tasks
wrsmith108 added a commit that referenced this pull request May 7, 2026
@wrsmith108 @ruvnet @claude
fix(ci): SMI-4785 ignore git-crypt encrypted .ts files in ESLint
489a32f 
Dependabot PRs don't get GIT_CRYPT_KEY secret, so encrypted files
under .claude/skills/, .claude/plans/, .claude/hive-mind/ reach
ESLint as binary blobs and fail with "Parsing error: Invalid
character" (verified PR #851 SHA 12766ef:
.claude/skills/governance/templates/edge-function-test-template.ts).

Mirrors the existing supabase/functions/** + supabase/migrations/**
pattern in the same globalIgnores block.

Closes SMI-4785.

Co-Authored-By: claude-flow <ruv@ruv.net>
Co-Authored-By: Claude <noreply@anthropic.com>
wrsmith108 added a commit that referenced this pull request May 7, 2026
@wrsmith108 @ruvnet @claude
fix(ci): SMI-4785 ignore git-crypt encrypted .ts files in ESLint (#1002)
8b5cb59 
Dependabot PRs don't get GIT_CRYPT_KEY secret, so encrypted files
under .claude/skills/, .claude/plans/, .claude/hive-mind/ reach
ESLint as binary blobs and fail with "Parsing error: Invalid
character" (verified PR #851 SHA 12766ef:
.claude/skills/governance/templates/edge-function-test-template.ts).

Mirrors the existing supabase/functions/** + supabase/migrations/**
pattern in the same globalIgnores block.

Closes SMI-4785.

Co-authored-by: Ryan Smith <wrsmith108@users.noreply.github.com>
Co-authored-by: claude-flow <ruv@ruv.net>
Co-authored-by: Claude <noreply@anthropic.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from e7ce3a6 to b6983fc Compare May 7, 2026 17:06
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

E2E Test Results

E2E Test Results - May 7, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-07T17:19:20.597Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from b6983fc to 04860bc Compare May 7, 2026 17:27
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

E2E Test Results

E2E Test Results - May 7, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-07T17:40:09.531Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot
chore(deps): bump the github-actions group across 1 directory with 9 …
3e7670c 
…updates

Bumps the github-actions group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.1.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `7.0.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.4` |
| [supabase/setup-cli](https://github.com/supabase/setup-cli) | `1.6.0` | `2.0.0` |
| [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) | `23.0.0` | `23.2.0` |



Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

Updates `actions/github-script` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@ed59741...3a2844b)

Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6682284...27d5ce7)

Updates `docker/build-push-action` from 7.0.0 to 7.1.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@d08e5c3...bcafcac)

Updates `actions/upload-artifact` from 4.4.3 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4.4.3...043fb46)

Updates `actions/download-artifact` from 4.3.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4.3.0...3e5f45b)

Updates `github/codeql-action` from 4.35.1 to 4.35.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...68bde55)

Updates `supabase/setup-cli` from 1.6.0 to 2.0.0
- [Release notes](https://github.com/supabase/setup-cli/releases)
- [Commits](supabase/setup-cli@b60b589...df56b21)

Updates `DavidAnson/markdownlint-cli2-action` from 23.0.0 to 23.2.0
- [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases)
- [Commits](DavidAnson/markdownlint-cli2-action@ce4853d...ded1f94)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: DavidAnson/markdownlint-cli2-action
  dependency-version: 23.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.35.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: supabase/setup-cli
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-860750c05c branch from 04860bc to 3e7670c Compare May 7, 2026 23:05
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 7, 2026

E2E Test Results

E2E Test Results - May 7, 2026

Summary

  • Status: ✅ PASSED
  • Total Duration: 0.00s
  • Generated: 2026-05-07T23:19:56.185Z

Test Results

Phase Status Duration
CLI E2E ⏭️ Skipped -
MCP E2E ⏭️ Skipped -

Generated by skillsmith E2E test suite

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 9, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 9, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-860750c05c branch May 9, 2026 01:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wrsmith108 wrsmith108 Awaiting requested review from wrsmith108 wrsmith108 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@wrsmith108