Skip to content

chore(deps): bump the github-actions group with 4 updates#2930

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-7eb39738ea
Closed

chore(deps): bump the github-actions group with 4 updates#2930
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-7eb39738ea

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026
edited
Loading

Bumps the github-actions group with 4 updates: actions/upload-artifact, chainguard-dev/actions, goreleaser/goreleaser-action and aquasecurity/trivy-action.

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Updates chainguard-dev/actions from 1.5.13 to 1.6.4

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.4

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.3...v1.6.4

v1.6.3

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.2...v1.6.3

v1.6.2

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.1...v1.6.2

v1.6.1

What's Changed

... (truncated)

Commits
  • eab208e feat(otel-export): add otlp protocol support and export grpc endpoint (#767)
  • a303eb6 feat: add signing with own key for melange-build (#745)
  • 004e924 Bump chainguard-dev/actions from 1.6.0 to 1.6.3 (#761)
  • 953b4c6 Bump chainguard-dev/actions from 1.6.2 to 1.6.3 in /gofmt (#762)
  • c84489f Bump chainguard-dev/actions from 1.6.2 to 1.6.3 in /goimports (#763)
  • 2e1f536 Bump chainguard-dev/actions from 1.6.2 to 1.6.3 in /inky-build-pkg (#764)
  • 45a6f19 Bump chainguard-dev/actions from 1.6.2 to 1.6.3 in /melange-build (#765)
  • 0eb9739 Bump chainguard-dev/actions from 1.6.2 to 1.6.3 in /wolfi-build-pkg (#766)
  • 4ed96e9 Bump chainguard-dev/actions from 1.6.1 to 1.6.2 in /gofmt (#755)
  • 4c65902 Bump chainguard-dev/actions from 1.6.1 to 1.6.2 in /goimports (#756)
  • Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.4.0 to 7.0.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits
  • ec59f47 fix: yargs usage
  • 752dede fix: gitignore
  • 1881ae0 ci: update dependabot settings
  • fdc5e66 chore: gitignore provenance.json
  • 51b5b35 chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (#539)
  • 4247c53 ci(deps): bump docker/setup-buildx-action in the actions group (#538)
  • c169bfd chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group (...
  • 902ab4a chore(deps): bump the npm group across 1 directory with 4 updates (#536)
  • c59a691 chore: gitignore
  • 56cc8b2 ci: add job to automate dependabot pre-checkin/vendor
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.33.1 to 0.34.1

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.1

What's Changed

Full Changelog: aquasecurity/trivy-action@0.34.0...0.34.1

v0.34.0

What's Changed

Full Changelog: aquasecurity/trivy-action@0.33.1...0.34.0

Commits
  • e368e32 ci(test): add zizmor security linter for GitHub Actions (#502)
  • c1824fd chore(deps): Update trivy to v0.69.1 (#506)
  • bc61dc5 Merge commit from fork
  • 5eb7ef2 ci: use checks bundle v2 in sync workflow (#505)
  • 22438a4 Merge pull request #496 from aquasecurity/bump-trivy-1765431074
  • 0024b3f chore(deps): Update trivy to v0.68.1
  • 83690f7 ci: install trivy in bump-trivy workflow and update tests (#495)
  • df65449 chore: update README (#493)
  • 0317097 ci: use setup-bats in bump-trivy workflow (#494)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the github-actions group with 4 updates
cab66d6 
Bumps the github-actions group with 4 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact), [chainguard-dev/actions](https://github.com/chainguard-dev/actions), [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) and [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action).


Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...bbbca2d)

Updates `chainguard-dev/actions` from 1.5.13 to 1.6.4
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@18e5e34...eab208e)

Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.0.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@e435ccd...ec59f47)

Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.1
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@b6643a2...e368e32)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.6.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 1, 2026 18:46
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 1, 2026
@github-actions github-actions bot added the area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) label Mar 1, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 2, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 2, 2026
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-7eb39738ea branch March 2, 2026 22:43
@github-actions github-actions bot locked and limited conversation to collaborators Mar 2, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants