build(deps): bump the devops group across 1 directory with 20 updates by dependabot[bot] · Pull Request #10445 · ZcashFoundation/zebra

dependabot · 2026-04-01T20:18:36Z

Bumps the devops group with 20 updates in the / directory:

Package	From	To
actions/checkout	`6.0.1`	`6.0.2`
actions-rust-lang/setup-rust-toolchain	`1.15.2`	`1.15.4`
actions/configure-pages	`5.0.0`	`6.0.0`
actions/deploy-pages	`4.0.5`	`5.0.0`
taiki-e/install-action	`2.68.10`	`2.71.0`
codecov/codecov-action	`5.5.2`	`6.0.0`
actions/cache	`5.0.1`	`5.0.4`
lycheeverse/lychee-action	`2.7.0`	`2.8.0`
actions/setup-node	`6.1.0`	`6.3.0`
release-drafter/release-drafter	`6.2.0`	`7.1.1`
docker/setup-buildx-action	`3.12.0`	`4.0.0`
docker/build-push-action	`6.19.2`	`7.0.0`
actions/upload-artifact	`6.0.0`	`7.0.0`
actions/download-artifact	`7.0.0`	`8.0.1`
actions/create-github-app-token	`2.2.1`	`3.0.0`
docker/metadata-action	`5.10.0`	`6.0.0`
docker/login-action	`3.7.0`	`4.0.0`
docker/scout-action	`1.18.2`	`1.20.3`
shimataro/ssh-key-action	`2.8.0`	`2.8.1`
zizmorcore/zizmor-action	`0.5.0`	`0.5.2`

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
See full diff in compare view

Updates actions-rust-lang/setup-rust-toolchain from 1.15.2 to 1.15.4

Release notes

Sourced from actions-rust-lang/setup-rust-toolchain's releases.

v1.15.4

What's Changed

Bump Swatinem/rust-cache from 2.8.2 to 2.9.1 by @hyperfinitism in actions-rust-lang/setup-rust-toolchain#87

New Contributors

@hyperfinitism made their first contribution in actions-rust-lang/setup-rust-toolchain#87

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.15.3...v1.15.4

v1.15.3

What's Changed

Bump Swatinem/rust-cache from 2.8.1 to 2.8.2 by @dependabot[bot] in actions-rust-lang/setup-rust-toolchain#83

Add .gitignore to exclude test-workspace/target/ by @xtqqczze in actions-rust-lang/setup-rust-toolchain#85

New Contributors

@xtqqczze made their first contribution in actions-rust-lang/setup-rust-toolchain#85

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.15.2...v1.15.3

Changelog

Sourced from actions-rust-lang/setup-rust-toolchain's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.15.4] - 2026-03-15

Bump Swatinem/rust-cache from 2.8.2 to 2.9.1 (#87 by @hyperfinitism) This gets rid of the warnings about Node.js 20.

[1.15.3] - 2026-03-01

Bump Swatinem/rust-cache from 2.8.1 to 2.8.2

[1.15.2] - 2025-10-04

Fix: Run the version detection steps in the selected rust-src-dir directory. This should enable the version selection even without a default toolchain installed. Fixes #74.

[1.15.1] - 2025-09-23

Update Swatinem/rust-cache to v2.8.1

[1.15.0] - 2025-09-14

Add support for non-root source directory. Accept source code and rust-toolchain.toml file in subdirectories of the repository. Adds a new parameter rust-src-dir that controls the lookup for toolchain files and sets a default value for the cache-workspace input. (#69 by @Kubaryt)

[1.14.1] - 2025-08-28

Pin Swatinem/rust-cache action to a full commit SHA (#68 by @JohnTitor)

[1.14.0] - 2025-08-23

Add new parameters cache-all-crates and cache-workspace-crates that are propagated to Swatinem/rust-cache as cache-all-crates and cache-workspace-crates

[1.13.0] - 2025-06-16

Add new parameter cache-provider that is propagated to Swatinem/rust-cache as cache-provider (#65 by @mindrunner)

[1.12.0] - 2025-04-23

Add support for installing rustup on Windows (#58 by @maennchen) This adds support for using Rust on the GitHub provided Windows ARM runners.

... (truncated)

Commits

150fca8 Update CHANGELOG for version 1.15.4
aa63f57 Merge pull request #87 from hyperfinitism/deps/bump-rust-cache
229ed07 deps: Bump Swatinem/rust-cache from 2.8.2 to 2.9.1
a0b538f Update changelog
e0e53f1 Merge pull request #85 from xtqqczze/gitignore
a000416 Add .gitignore to exclude test-workspace/target/
806aa7d Add dependabot cooldown
b598bed Merge pull request #83 from actions-rust-lang/dependabot/github_actions/Swati...
e541adf Bump Swatinem/rust-cache from 2.8.1 to 2.8.2
ca4a643 Merge pull request #82 from actions-rust-lang/dependabot/github_actions/actio...
Additional commits viewable in compare view

Updates actions/configure-pages from 5.0.0 to 6.0.0

Release notes

Sourced from actions/configure-pages's releases.

v6.0.0

Changelog

upgrade to node 24 @salmanmkc (#186)

Upgrade IA Publish @Jcambass (#165)

Add workflow file for publishing releases to immutable action package @Jcambass (#163)

pin draft release version @YiMysty (#162)

Bump espree from 9.6.1 to 10.1.0 @dependabot (#160)

Bump eslint-config-prettier from 8.8.0 to 9.1.0 @dependabot (#143)

Be more friendly to Dependabot @yoannchaudet (#158)

Bump eslint-plugin-github from 4.10.2 to 5.0.1 @dependabot (#154)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group @dependabot (#156)

Bump undici from 5.28.3 to 5.28.4 @dependabot (#145)

See details of all code changes since previous release.

Commits

45bfe01 Merge pull request #186 from salmanmkc/node24
d8770c2 Update Node version from 20 to 24 in action.yml
cb8a1a3 upgrade to node 24
d560657 Merge pull request #165 from actions/Jcambass-patch-1
35e0ac4 Upgrade IA Publish
1dfbcbf Merge pull request #163 from actions/Jcambass-patch-1
2f4f988 Add workflow file for publishing releases to immutable action package
0d7570c Merge pull request #162 from actions/pin-draft-release-verssion
3ea1966 pin draft release version
aabcbc4 Merge pull request #160 from actions/dependabot/npm_and_yarn/espree-10.1.0
Additional commits viewable in compare view

Updates actions/deploy-pages from 4.0.5 to 5.0.0

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

Update Node.js version to 24.x @salmanmkc (#404)

Add workflow file for publishing releases to immutable action package @Jcambass (#374)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @dependabot (#360)

Make the rebuild dist workflow work nicer with Dependabot @yoannchaudet (#361)

Bump the non-breaking-changes group across 1 directory with 3 updates @dependabot (#358)

Delete repeated sentence @garethsb (#359)

Update README.md @tsusdere (#348)

Bump the non-breaking-changes group with 4 updates @dependabot (#341)

Remove error message for file permissions @TooManyBees (#340)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

cd2ce8f Merge pull request #404 from salmanmkc/node24
bbe2a95 Update Node.js version to 24.x
854d7aa Merge pull request #374 from actions/Jcambass-patch-1
306bb81 Add workflow file for publishing releases to immutable action package
b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
7273294 Bump braces in the npm_and_yarn group across 1 directory
963791f Merge pull request #361 from actions/dependabot-friendly
51bb29d Make the rebuild dist workflow safer for Dependabot
89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
Additional commits viewable in compare view

Updates taiki-e/install-action from 2.68.10 to 2.71.0

Release notes

Sourced from taiki-e/install-action's releases.

2.71.0

Support wasm-tools. (#1642, thanks @crepererum)

Support covgate. (#1613, thanks @jesse-black)

Implement potential workaround for windows-11-arm runner bug which sometimes causes issue that the action successfully completes but the tool is not installed. (#1647)

Update typos@latest to 1.45.0.

Update mise@latest to 2026.4.0.

Update cargo-careful@latest to 0.4.10.

2.70.4

Update wasm-bindgen@latest to 0.2.117.

Update vacuum@latest to 0.25.5.

Update tombi@latest to 0.9.13.

Update mise@latest to 2026.3.18.

2.70.3

Update wasm-bindgen@latest to 0.2.116.

Update cargo-insta@latest to 1.47.2.

Update tombi@latest to 0.9.12.

Update biome@latest to 2.4.10.

2.70.2

Update vacuum@latest to 0.25.3.

Update tombi@latest to 0.9.11.

2.70.1

Update cargo-insta@latest to 1.47.1.

Update cargo-binstall@latest to 1.17.9.

Update tombi@latest to 0.9.10.

2.70.0

Install uv, uvw (Windows-only), and uvx binaries when installing uv. Previously, only uv binary was installed. (#1632)

2.69.14

Update just@latest to 1.48.1.

Update wasm-bindgen@latest to 0.2.115.

... (truncated)

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

Update dprint@latest to 0.53.2.

[2.71.0] - 2026-04-01

Support wasm-tools. (#1642, thanks @crepererum)

Support covgate. (#1613, thanks @jesse-black)

Implement potential workaround for windows-11-arm runner bug which sometimes causes issue that the action successfully completes but the tool is not installed. (#1647)

Update typos@latest to 1.45.0.

Update mise@latest to 2026.4.0.

Update cargo-careful@latest to 0.4.10.

[2.70.4] - 2026-04-01

Update wasm-bindgen@latest to 0.2.117.

Update vacuum@latest to 0.25.5.

Update tombi@latest to 0.9.13.

Update mise@latest to 2026.3.18.

[2.70.3] - 2026-03-31

Update wasm-bindgen@latest to 0.2.116.

Update cargo-insta@latest to 1.47.2.

Update tombi@latest to 0.9.12.

Update biome@latest to 2.4.10.

[2.70.2] - 2026-03-30

... (truncated)

Commits

a1df912 Release 2.71.0
099c380 Update changelog
6c82c85 Update covgate@latest to 0.1.3
dbccc50 Support covgate (#1613)
ac12c97 Update changelog
3516136 Call main.sh from powershell on Windows to work around windows-11-arm
284fb88 Update typos@latest to 1.45.0
80f622f Support wasm-tools (#1642)
0d198c4 Update mise@latest to 2026.4.0
1e30eaa Update cargo-careful@latest to 0.4.10
Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @thomasrockhu-codecov in codecov/codecov-action#1929

Th/6.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @thomasrockhu-codecov in codecov/codecov-action#1926

chore(release): 5.5.4 by @thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in codecov/codecov-action#1874

chore(release): bump to 5.5.3 by @thomasrockhu-codecov in codecov/codecov-action#1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

57e3a13 Th/6.0.0 (#1928)
f67d33d Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0""...
75cd116 chore(release): 5.5.4 (#1927)
87d39f4 Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" (#1926)
1af5884 chore(release): bump to 5.5.3 (#1922)
c143300 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#1874)
See full diff in compare view

Updates actions/cache from 5.0.1 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

Add release instructions and update maintainer docs by @Link- in actions/cache#1696

Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @Link- in actions/cache#1697

Fix workflow permissions and cleanup workflow names / formatting by @Link- in actions/cache#1699

docs: Update examples to use the latest version by @XZTDean in actions/cache#1690

Fix proxy integration tests by @Link- in actions/cache#1701

Fix cache key in examples.md for bun.lock by @RyPeck in actions/cache#1722

Update dependencies & patch security vulnerabilities by @Link- in actions/cache#1738

New Contributors

@XZTDean made their first contribution in actions/cache#1690

@RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)

Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

Switch to a new branch from main.

Run npm test to ensure all tests are passing.

Update the version in https://github.com/actions/cache/blob/main/package.json.

Run npm run build to update the compiled files.

Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.

Run licensed cache to update the license report.

Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.

Commit your changes and push your branch upstream.

Open a pull request against main and get it reviewed and merged.

Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json

Create a new tag with the version number.

Auto generate release notes and update them to match the changes you made in RELEASES.md.

Toggle the set as the latest release option.

Publish the release.

Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml

There should be a workflow run queued with the same version number.

Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)

Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)

Bump fast-xml-parser to v5.5.6

5.0.3

Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)

Bump @actions/core to v2.0.3

5.0.2

Bump @actions/cache to v5.0.3 #1692

5.0.1

Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

6682284 Merge pull request #1738 from actions/prepare-v5.0.4
e340396 Update RELEASES
8a67110 Add licenses
1865903 Update dependencies & patch security vulnerabilities
5656298 Merge pull request #1722 from RyPeck/patch-1
4e380d1 Fix cache key in examples.md for bun.lock
b7e8d49 Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests
984a21b Add traffic sanity check step
acf2f1f Fix resolution
95a07c5 Add wait for proxy
Additional commits viewable in compare view

Updates lycheeverse/lychee-action from 2.7.0 to 2.8.0

Release notes

Sourced from lycheeverse/lychee-action's releases.

v2.8.0

What's Changed

Update lycheeVersion to v0.23.0 by @github-actions[bot] in lycheeverse/lychee-action#324

Update args for lychee-action to use root-dir by @mre in lycheeverse/lychee-action#314

Update test to use --root-dir instead of the deprecated --base by @mre in lycheeverse/lychee-action#315

Bump actions/checkout from 5 to 6 by @dependabot[bot] in lycheeverse/lychee-action#316

Bump actions/cache from 4 to 5 by @dependabot[bot] in lycheeverse/lychee-action#319

Bump peter-evans/create-pull-request from 7 to 8 by @dependabot[bot] in lycheeverse/lychee-action#318

Add message with Summary report URL by @atteggiani in lycheeverse/lychee-action#326

New Contributors

@atteggiani made their first contribution in lycheeverse/lychee-action#326

Full Changelog: lycheeverse/lychee-action@v2.7.0...v2.8.0

Commits

8646ba3 Add message with Summary report URL (#326)
c6e7911 [create-pull-request] automated change
631725a Bump peter-evans/create-pull-request from 7 to 8 (#318)
942f324 Bump actions/cache from 4 to 5 (#319)
79de881 Bump actions/checkout from 5 to 6 (#316)
1ef33e2 Update test to use --root-dir instead of the deprecated --base (#315)
50a631e Update args for lychee-action to use root-dir (#314)
See full diff in compare view

Updates actions/setup-node from 6.1.0 to 6.3.0

Release notes

Sourced from actions/setup-node's releases.

v6.3.0

What's Changed

Enhancements:

Support parsing devEngines field by @susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

Fix npm audit issues by @gowridurgad in actions/setup-node#1491

Replace uuid with crypto.randomUUID() by @trivikr in actions/setup-node#1378

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-node#1498

Bug fixes:

Remove hardcoded bearer for mirror-url @marco-ippolito in actions/setup-node#1467

Scope test lockfiles by package manager and update cache tests by @gowridurgad in actions/setup-node#1495

New Contributors

@susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

v6.2.0

What's Changed

Documentation

Documentation update related to absence of Lockfile by @mahabaleshwars in actions/setup-node#1454

Correct mirror option typos by @MikeMcC399 in actions/setup-node#1442

Readme update on checkout version v6 by @deining in actions/setup-node#1446

Readme typo fixes @munyari in actions/setup-node#1226

Advanced document update on checkout version v6 by @aparnajyothi-y in actions/setup-node#1468

Dependency updates:

Upgrade @actions/cache to v5.0.1 by @salmanmkc in actions/setup-node#1449

New Contributors

@mahabaleshwars made their first contribution in actions/setup-node#1454

@MikeMcC399 made their first contribution in actions/setup-node#1442

@deining made their first contribution in actions/setup-node#1446

@munyari made their first contribution in actions/setup-node#1226

Full Changelog: actions/setup-node@v6...v6.2.0

Commits

53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
54045ab Scope test lockfiles by package manager and update cache tests (#1495)
c882bff Replace uuid with crypto.randomUUID() (#1378)
774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
efcb663 fix: remove hardcoded bearer (#1467)
d02c89d Fix npm audit issues (#1491)
6044e13 Docs: bump actions/checkout from v5 to v6 (#1468)
8e49463 Fix README typo (#1226)
621ac41 README.md: bump to latest released checkout version v6 (#1446)
2951748 Bump @actions/cache to v5.0.1 (#1449)
Additional commits viewable in compare view

Updates release-drafter/release-drafter from 6.2.0 to 7.1.1

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.1.1

What's Changed

Bug Fixes

fix: remove disable-releaser and disable-autolabeler from action.yaml (#1564) @cchanche

Full Changelog: release-drafter/release-drafter@v7.1.0...v7.1.1

v7.1.0

What's Changed

New

feat: filter previous releases by range with semver (#1445) @cch... Description has been truncated

Bumps the devops group with 20 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.1` | `6.0.2` | | [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) | `1.15.2` | `1.15.4` | | [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.68.10` | `2.71.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.4` | | [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.7.0` | `2.8.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.1.0` | `6.3.0` | | [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `6.2.0` | `7.1.1` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.0.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [docker/scout-action](https://github.com/docker/scout-action) | `1.18.2` | `1.20.3` | | [shimataro/ssh-key-action](https://github.com/shimataro/ssh-key-action) | `2.8.0` | `2.8.1` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.0` | `0.5.2` | Updates `actions/checkout` from 6.0.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v6.0.1...de0fac2) Updates `actions-rust-lang/setup-rust-toolchain` from 1.15.2 to 1.15.4 - [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases) - [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md) - [Commits](actions-rust-lang/setup-rust-toolchain@1780873...150fca8) Updates `actions/configure-pages` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](actions/configure-pages@983d773...45bfe01) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@d6db901...cd2ce8f) Updates `taiki-e/install-action` from 2.68.10 to 2.71.0 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](taiki-e/install-action@305beba...a1df912) Updates `codecov/codecov-action` from 5.5.2 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@671740a...57e3a13) Updates `actions/cache` from 5.0.1 to 5.0.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@9255dc7...6682284) Updates `lycheeverse/lychee-action` from 2.7.0 to 2.8.0 - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](lycheeverse/lychee-action@a8c4c7c...8646ba3) Updates `actions/setup-node` from 6.1.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@395ad32...53b8394) Updates `release-drafter/release-drafter` from 6.2.0 to 7.1.1 - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](release-drafter/release-drafter@6db134d...139054a) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...4d04d5d) Updates `docker/build-push-action` from 6.19.2 to 7.0.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@10e90e3...d08e5c3) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...bbbca2d) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...3e5f45b) Updates `actions/create-github-app-token` from 2.2.1 to 3.0.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@29824e6...f8d387b) Updates `docker/metadata-action` from 5.10.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@c299e40...030e881) Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...b45d80f) Updates `docker/scout-action` from 1.18.2 to 1.20.3 - [Release notes](https://github.com/docker/scout-action/releases) - [Commits](docker/scout-action@f8c7768...8910519) Updates `shimataro/ssh-key-action` from 2.8.0 to 2.8.1 - [Release notes](https://github.com/shimataro/ssh-key-action/releases) - [Changelog](https://github.com/shimataro/ssh-key-action/blob/v2/CHANGELOG.md) - [Commits](shimataro/ssh-key-action@6b84f2e...87a8f06) Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](zizmorcore/zizmor-action@0dce257...71321a2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: devops - dependency-name: actions-rust-lang/setup-rust-toolchain dependency-version: 1.15.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: devops - dependency-name: actions/configure-pages dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: taiki-e/install-action dependency-version: 2.71.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: devops - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: devops - dependency-name: lycheeverse/lychee-action dependency-version: 2.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: devops - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: devops - dependency-name: release-drafter/release-drafter dependency-version: 7.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: actions/create-github-app-token dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: devops - dependency-name: docker/scout-action dependency-version: 1.20.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: devops - dependency-name: shimataro/ssh-key-action dependency-version: 2.8.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: devops - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: devops ... Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/zfnd-build-docker-image.yml

      - name: Set up Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f #v3.12.0
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd #v4.0.0


dependabot bot added A-dependencies Area: Dependency file updates A-devops Area: Pipelines, CI/CD and Dockerfiles C-exclude-from-changelog Category: The PR should be excluded from the changelog and release notes P-Low ❄️ labels Apr 1, 2026

dependabot bot temporarily deployed to dev April 1, 2026 20:18 Inactive

github-advanced-security bot found potential problems Apr 1, 2026

View reviewed changes

dependabot bot temporarily deployed to dev April 1, 2026 20:21 Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the devops group across 1 directory with 20 updates#10445

build(deps): bump the devops group across 1 directory with 20 updates#10445
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/devops-f9c211ba91

dependabot bot commented on behalf of github Apr 1, 2026

Uh oh!

Check failure

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Apr 1, 2026

v6.0.2

What's Changed

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v1.15.4

What's Changed

New Contributors

v1.15.3

What's Changed

New Contributors

Changelog

[Unreleased]

[1.15.4] - 2026-03-15

[1.15.3] - 2026-03-01

[1.15.2] - 2025-10-04

[1.15.1] - 2025-09-23

[1.15.0] - 2025-09-14

[1.14.1] - 2025-08-28

[1.14.0] - 2025-08-23

[1.13.0] - 2025-06-16

[1.12.0] - 2025-04-23

v6.0.0

Changelog

v5.0.0

Changelog

2.71.0

2.70.4

2.70.3

2.70.2

2.70.1

2.70.0

2.69.14

Changelog

[Unreleased]

[2.71.0] - 2026-04-01

[2.70.4] - 2026-04-01

[2.70.3] - 2026-03-31

[2.70.2] - 2026-03-30

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

v5.5.4

What's Changed

v5.5.3

What's Changed

v5.5.2

What's Changed

v5.5.1

What's Changed

v5.5.0

What's Changed

v5.4.3

What's Changed

v5.4.2

v5.0.4

What's Changed

New Contributors

v5.0.3

What's Changed

v.5.0.2

v5.0.2

What's Changed

Releases

How to prepare a release

Changelog

5.0.4

5.0.3