Skip to content

build(deps): bump the all-github-actions group with 3 updates #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 1, 2025
Merged

build(deps): bump the all-github-actions group with 3 updates #81

merged 1 commit into from
Dec 1, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 27, 2025
edited
Loading

Bumps the all-github-actions group with 3 updates: actions/checkout, actions/setup-node and docker/metadata-action.

Updates actions/checkout from 4.2.2 to 6.0.0

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

V5.0.1

V5.0.0

V4.3.1

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates actions/setup-node from 4.4.0 to 6.0.0

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

Commits

Updates docker/metadata-action from 5.9.0 to 5.10.0

Release notes

Sourced from docker/metadata-action's releases.

v5.10.0

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

Commits
  • c299e40 Merge pull request #569 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • f015d79 chore: update generated content
  • 121bcc2 chore(deps): Bump @​docker/actions-toolkit from 0.67.0 to 0.68.0
  • f7b6bf4 Merge pull request #564 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
  • 0b95c6b Merge pull request #565 from docker/dependabot/github_actions/actions/checkout-6
  • 17f70d7 Merge pull request #568 from motoki317/docs/fix-to-24h-schedule-pattern
  • afd7e6d docs(README): Fix date format from 12h to 24h in schedule pattern
  • 602aff8 chore(deps): Bump actions/checkout from 5 to 6
  • aecb1a4 chore(deps): Bump js-yaml from 3.14.1 to 3.14.2
  • 8d8c7c1 Merge pull request #559 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the all-github-actions group with 3 updates
883e08f 
Bumps the all-github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/setup-node](https://github.com/actions/setup-node) and [docker/metadata-action](https://github.com/docker/metadata-action).


Updates `actions/checkout` from 4.2.2 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4.2.2...1af3b93)

Updates `actions/setup-node` from 4.4.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4.4.0...2028fbc)

Updates `docker/metadata-action` from 5.9.0 to 5.10.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@318604b...c299e40)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-github-actions
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-github-actions
- dependency-name: docker/metadata-action
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 27, 2025

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Nov 27, 2025
edited
Loading

Deploying wildcat-dashboard with  Cloudflare Pages  Cloudflare Pages

Latest commit: 883e08f
Status: ✅  Deploy successful!
Preview URL: https://f317926f.wildcat-dashboard.pages.dev
Branch Preview URL: https://dependabot-github-actions-al.wildcat-dashboard.pages.dev

View logs

@cleot cleot requested review from cleot and Copilot November 28, 2025 08:26
Copilot finished reviewing on behalf of cleot November 28, 2025 08:28
Copilot AI reviewed Nov 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates three GitHub Actions dependencies to their latest versions as part of automated dependency management. The updates include two major version bumps with breaking changes that require attention.

  • actions/checkout: v4.2.2 → v6.0.0 (major version update with breaking changes)
  • actions/setup-node: v4.4.0 → v6.0.0 (major version update with breaking changes)
  • docker/metadata-action: v5.9.0 → v5.10.0 (minor version update)

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
.github/workflows/deploy.yml Updates checkout action (4 instances) and setup-node action (3 instances) to major versions v6 with breaking changes requiring runner v2.329.0+
.github/workflows/release.yml Updates docker/metadata-action to v5.10.0 with dependency updates and bug fixes
.github/workflows/nightly.yml Updates docker/metadata-action to v5.10.0 with dependency updates and bug fixes

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/deploy.yml
steps:
- name: Checkout ${{ github.ref_name }}
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
Copy link

Copilot AI Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The update to actions/[email protected] introduces a breaking change that requires GitHub Actions Runner version v2.329.0 or later for Docker container action scenarios. According to the release notes, this version persists credentials under $RUNNER_TEMP instead of directly in the local git config. Please verify that your GitHub Actions runners meet this minimum version requirement before merging this PR.

Additionally, note that v5.0.0 (and therefore v6.0.0) requires Runner v2.327.1 or later due to the upgrade to Node.js 24.

Copilot uses AI. Check for mistakes.
.github/workflows/deploy.yml
- name: Setup Node
uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
Copy link

Copilot AI Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The update to actions/[email protected] introduces a breaking change to automatic caching behavior. According to the release notes, v6.0.0 limits automatic caching to npm only (previously it supported npm, yarn, and pnpm automatically). Since this workflow uses cache: 'npm', the behavior should remain unchanged, but be aware that the automatic package manager detection from v5.0.0 has been restricted in v6.0.0.

Additionally, this version requires GitHub Actions Runner v2.327.1 or later due to the Node.js 24 upgrade.

Copilot uses AI. Check for mistakes.
@cleot cleot merged commit 5bc0c03 into master Dec 1, 2025
9 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/all-github-actions-ae34b205a6 branch December 1, 2025 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cleot cleot cleot approved these changes

Assignees

@cleot cleot

Labels

dependencies github-actions

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cleot