Skip to content

chore(deps): bump the github-actions group across 1 directory with 5 updates#2939

Merged
tstirrat15 merged 1 commit intomainfrom
dependabot/github_actions/github-actions-64660f7e1c
Mar 9, 2026
Merged

chore(deps): bump the github-actions group across 1 directory with 5 updates#2939
tstirrat15 merged 1 commit intomainfrom
dependabot/github_actions/github-actions-64660f7e1c

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps the github-actions group with 5 updates in the / directory:

Package From To
benchmark-action/github-action-benchmark 1.20.7 1.21.0
actions/upload-artifact 6.0.0 7.0.0
chainguard-dev/actions 1.5.13 1.6.5
goreleaser/goreleaser-action 6.4.0 7.0.0
aquasecurity/trivy-action 0.33.1 0.34.2

Updates benchmark-action/github-action-benchmark from 1.20.7 to 1.21.0

Release notes

Sourced from benchmark-action/github-action-benchmark's releases.

v1.21.0

  • fix include package name for duplicate bench names (#330)
  • fix avoid duplicate package suffix in Go benchmarks (#337)

Full Changelog: benchmark-action/github-action-benchmark@v1.20.7...v1.21.0

Changelog

Sourced from benchmark-action/github-action-benchmark's changelog.

Unreleased

v1.21.0 - 02 Mar 2026

  • fix include package name for duplicate bench names (#330)
  • fix avoid duplicate package suffix in Go benchmarks (#337)

v1.20.7 - 06 Sep 2025

  • fix improve parsing for custom benchmarks (#323)

v1.20.5 - 02 Sep 2025

  • feat allow to parse generic cargo bench/criterion units (#280)
  • fix add summary even when failure threshold is surpassed (#285)
  • fix time units are not normalized (#318)

v1.20.4 - 23 Oct 2024

  • feat add typings and validation workflow (#257)

v1.20.3 - 19 May 2024

  • fix Catch2 v.3.5.0 changed output format (#247)

v1.20.2 - 19 May 2024

  • fix Support sub-nanosecond precision on Cargo benchmarks (#246)

v1.20.1 - 02 Apr 2024

  • fix release script

v1.20.0 - 02 Apr 2024

  • fix Rust benchmarks not comparing to baseline (#235)
  • feat Comment on PR and auto update comment (#223)

v1.19.3 - 02 Feb 2024

  • fix ratio is NaN when previous value is 0. Now, print 1 when both values are 0 and +-∞ when divisor is 0 (#222)
  • fix action hangs in some cases for go fiber benchmarks (#225)

v1.19.2 - 26 Jan 2024

  • fix markdown rendering for summary is broken (#218)

v1.19.1 - 25 Jan 2024

... (truncated)

Commits

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Updates chainguard-dev/actions from 1.5.13 to 1.6.5

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.5

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.4...v1.6.5

v1.6.4

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.3...v1.6.4

v1.6.3

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.2...v1.6.3

v1.6.2

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.1...v1.6.2

... (truncated)

Commits
  • 71714a7 build(deps): bump step-security/harden-runner from 2.14.2 to 2.15.0 (#774)
  • 4993bf2 build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 (#768)
  • 24f524c build(deps): bump chainguard-dev/actions in /goimports (#770)
  • 9b2d240 build(deps): bump chainguard-dev/actions from 1.6.3 to 1.6.4 in /gofmt (#769)
  • 76cbd2a build(deps): bump chainguard-dev/actions in /inky-build-pkg (#771)
  • 8c80352 build(deps): bump chainguard-dev/actions in /melange-build (#772)
  • 4fd2188 build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (#773)
  • eab208e feat(otel-export): add otlp protocol support and export grpc endpoint (#767)
  • a303eb6 feat: add signing with own key for melange-build (#745)
  • 004e924 Bump chainguard-dev/actions from 1.6.0 to 1.6.3 (#761)
  • Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.4.0 to 7.0.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits
  • ec59f47 fix: yargs usage
  • 752dede fix: gitignore
  • 1881ae0 ci: update dependabot settings
  • fdc5e66 chore: gitignore provenance.json
  • 51b5b35 chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (#539)
  • 4247c53 ci(deps): bump docker/setup-buildx-action in the actions group (#538)
  • c169bfd chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group (...
  • 902ab4a chore(deps): bump the npm group across 1 directory with 4 updates (#536)
  • c59a691 chore: gitignore
  • 56cc8b2 ci: add job to automate dependabot pre-checkin/vendor
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.33.1 to 0.34.2

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.2

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@0.34.1...0.34.2

v0.34.1

What's Changed

Full Changelog: aquasecurity/trivy-action@0.34.0...0.34.1

v0.34.0

What's Changed

Full Changelog: aquasecurity/trivy-action@0.33.1...0.34.0

Commits
  • 97e0b38 chore: bump Trivy version to v0.69.2 in test workflow and README (#515)
  • 4c61e63 chore: bump default Trivy version to v0.69.2 (#513)
  • 1bd0625 Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file
  • bce3086 remove unused init-cache target
  • 5a9fbb1 supress progress bar when download db
  • 1615450 update trivyignores input description
  • df85774 add comment about fd3
  • 56c8dae remove unused variable
  • e368e32 ci(test): add zizmor security linter for GitHub Actions (#502)
  • 6476b93 feat: support for YAML ignore file
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 2, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 2, 2026 22:43
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 2, 2026
@github-actions github-actions bot added the area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) label Mar 2, 2026
@tstirrat15 tstirrat15 force-pushed the dependabot/github_actions/github-actions-64660f7e1c branch from 3f3708f to 948c718 Compare March 3, 2026 15:45
tstirrat15
tstirrat15 approved these changes Mar 3, 2026
View reviewed changes
Copy link
Contributor

@tstirrat15 tstirrat15 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tstirrat15 tstirrat15 enabled auto-merge (squash) March 3, 2026 15:46
@codecov
Copy link

codecov bot commented Mar 3, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.78%. Comparing base (cf317c7) to head (4e4af5c).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2939      +/-   ##
==========================================
+ Coverage   74.77%   74.78%   +0.02%     
==========================================
  Files         494      494              
  Lines       60623    60623              
==========================================
+ Hits        45323    45333      +10     
+ Misses      12136    12126      -10     
  Partials     3164     3164

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@dependabot @tstirrat15
chore(deps): bump the github-actions group across 1 directory with 5 …
4e4af5c 
…updates

Bumps the github-actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [benchmark-action/github-action-benchmark](https://github.com/benchmark-action/github-action-benchmark) | `1.20.7` | `1.21.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` |
| [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.5.13` | `1.6.5` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.0.0` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.33.1` | `0.34.2` |



Updates `benchmark-action/github-action-benchmark` from 1.20.7 to 1.21.0
- [Release notes](https://github.com/benchmark-action/github-action-benchmark/releases)
- [Changelog](https://github.com/benchmark-action/github-action-benchmark/blob/master/CHANGELOG.md)
- [Commits](benchmark-action/github-action-benchmark@4bdcce3...a7bc236)

Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...bbbca2d)

Updates `chainguard-dev/actions` from 1.5.13 to 1.6.5
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@18e5e34...71714a7)

Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.0.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@e435ccd...ec59f47)

Updates `aquasecurity/trivy-action` from 0.33.1 to 0.34.2
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@b6643a2...97e0b38)

---
updated-dependencies:
- dependency-name: benchmark-action/github-action-benchmark
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: chainguard-dev/actions
  dependency-version: 1.6.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@tstirrat15 tstirrat15 force-pushed the dependabot/github_actions/github-actions-64660f7e1c branch from 948c718 to 4e4af5c Compare March 9, 2026 14:16
@tstirrat15 tstirrat15 merged commit c3eea34 into main Mar 9, 2026
76 of 82 checks passed
@tstirrat15 tstirrat15 deleted the dependabot/github_actions/github-actions-64660f7e1c branch March 9, 2026 15:00
@BrewTestBot BrewTestBot mentioned this pull request Mar 19, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tstirrat15 tstirrat15 tstirrat15 approved these changes

Assignees

No one assigned

Labels

area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code Skip-Changelog

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tstirrat15