build(deps): bump the dependencies group across 1 directory with 12 updates #1665

dependabot · 2025-10-27T02:14:15Z

Bumps the dependencies group with 12 updates in the / directory:

Package	From	To
actions/checkout	`4.2.2`	`5.0.0`
actions/setup-node	`4.4.0`	`6.0.0`
docker/login-action	`3.4.0`	`3.6.0`
docker/metadata-action	`5.7.0`	`5.8.0`
peter-evans/dockerhub-description	`4.0.2`	`5.0.0`
github/codeql-action	`3.29.2`	`4.31.0`
actions/setup-java	`4.7.1`	`5.0.0`
actions/upload-artifact	`4.6.2`	`5.0.0`
checkmarx/kics-github-action	`2.1.11`	`2.1.15`
amannn/action-semantic-pull-request	`5.5.3`	`6.1.1`
aquasecurity/trivy-action	`0.32.0`	`0.33.1`
trufflesecurity/trufflehog	`3.90.1`	`3.90.11`

Updates actions/checkout from 4.2.2 to 5.0.0

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237

New Contributors

@motss made their first contribution in actions/checkout#1971

@mouismail made their first contribution in actions/checkout#1977

@benwells made their first contribution in actions/checkout#2043

@nebuk89 made their first contribution in actions/checkout#2194

@salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

V4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
08eba0b Prepare release v4.3.0 (#2237)
631c7dc Update package dependencies (#2236)
8edcb1b Update CODEOWNERS for actions (#2224)
09d2aca Update README.md (#2194)
85e6279 Adjust positioning of user email note and permissions heading (#2044)
009b9ae Documentation update - add recommended permissions to Readme (#2043)
cbb7224 Update README.md (#1977)
3b9b8c8 docs: update README.md (#1971)
See full diff in compare view

Updates actions/setup-node from 4.4.0 to 6.0.0

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Limit automatic caching to npm, update workflows and documentation by @priyagupta108 in actions/setup-node#1374

Dependency Upgrades

Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by @dependabot[bot] in #1336

Upgrade prettier from 2.8.8 to 3.6.2 by @dependabot[bot] in #1334

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot[bot] in #1362

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

Enhance caching in setup-node with automatic package manager detection by @priya-kinthali in actions/setup-node#1348

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false
steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false
Upgrade action to use node24 by @salmanmkc in actions/setup-node#1325

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @octokit/request-error and @actions/github by @dependabot[bot] in actions/setup-node#1227

Upgrade uuid from 9.0.1 to 11.1.0 by @dependabot[bot] in actions/setup-node#1273

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-node#1295

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-node#1332

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-node#1345

New Contributors

@priya-kinthali made their first contribution in actions/setup-node#1348

@salmanmkc made their first contribution in actions/setup-node#1325

Full Changelog: actions/setup-node@v4...v5.0.0

Commits

2028fbc Limit automatic caching to npm, update workflows and documentation (#1374)
1342781 Bump actions/publish-action from 0.3.0 to 0.4.0 (#1362)
89d709d Bump prettier from 2.8.8 to 3.6.2 (#1334)
cd2651c Bump ts-jest from 29.1.2 to 29.4.1 (#1336)
a0853c2 Bump actions/checkout from 4 to 5 (#1345)
b7234cc Upgrade action to use node24 (#1325)
d7a1131 Enhance caching in setup-node with automatic package manager detection (#1348)
5e2628c Bumps form-data (#1332)
65becef Bump undici from 5.28.5 to 5.29.0 (#1295)
7e24a65 Bump uuid from 9.0.1 to 11.1.0 (#1273)
Additional commits viewable in compare view

Updates docker/login-action from 3.4.0 to 3.6.0

Release notes

Sourced from docker/login-action's releases.

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

Commits

5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
97e3143 chore: update generated content
3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
abc9fb3 chore: update generated content
d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
0d7fae8 chore: update generated content
9832253 build(deps): bump @docker/actions-toolkit from 0.62.1 to 0.63.0
09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
Additional commits viewable in compare view

Updates docker/metadata-action from 5.7.0 to 5.8.0

Release notes

Sourced from docker/metadata-action's releases.

v5.8.0

New is_not_default_branch global expression by @crazy-max in docker/metadata-action#535

Allow to match part of the git tag or value for semver/pep440 types by @crazy-max in docker/metadata-action#536 docker/metadata-action#537

Bump @actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526

Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533

Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525

Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

Commits

c1e5197 Merge pull request #537 from crazy-max/pep440-match
89dd65a chore: update generated content
699ee45 allow to match part of the git tag or value for pep440 type
e0542a6 Merge pull request #536 from crazy-max/semver-match
b7facdf chore: update generated content
81c60df allow to match part of the git tag or value for semver type
de11195 Merge pull request #535 from crazy-max/not_def_branch
2f9c64b Merge pull request #533 from docker/dependabot/npm_and_yarn/form-data-2.5.5
510f746 chore: update generated content
2bc3f4e is_not_default_branch global expression
Additional commits viewable in compare view

Updates peter-evans/dockerhub-description from 4.0.2 to 5.0.0

Release notes

Sourced from peter-evans/dockerhub-description's releases.

Docker Hub Description v5.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

build(deps-dev): bump eslint-plugin-prettier from 5.2.5 to 5.2.6 by @dependabot[bot] in peter-evans/dockerhub-description#312

build(deps-dev): bump eslint-plugin-prettier from 5.2.6 to 5.3.1 by @dependabot[bot] in peter-evans/dockerhub-description#313

build(deps-dev): bump eslint-plugin-prettier from 5.3.1 to 5.4.0 by @dependabot[bot] in peter-evans/dockerhub-description#314

build(deps-dev): bump eslint-plugin-prettier from 5.4.0 to 5.4.1 by @dependabot[bot] in peter-evans/dockerhub-description#315

build(deps-dev): bump eslint-plugin-prettier from 5.4.1 to 5.5.0 by @dependabot[bot] in peter-evans/dockerhub-description#316

build(deps-dev): bump prettier from 3.5.3 to 3.6.2 by @dependabot[bot] in peter-evans/dockerhub-description#317

build(deps-dev): bump eslint-plugin-prettier from 5.5.0 to 5.5.1 by @dependabot[bot] in peter-evans/dockerhub-description#318

build(deps-dev): bump eslint-plugin-prettier from 5.5.1 to 5.5.3 by @dependabot[bot] in peter-evans/dockerhub-description#320

build(deps): bump form-data from 3.0.1 to 3.0.4 by @dependabot[bot] in peter-evans/dockerhub-description#321

build(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in peter-evans/dockerhub-description#322

build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 by @dependabot[bot] in peter-evans/dockerhub-description#323

build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in peter-evans/dockerhub-description#324

build(deps): bump actions/setup-node from 4 to 5 by @dependabot[bot] in peter-evans/dockerhub-description#325

build(deps-dev): bump @vercel/ncc from 0.38.3 to 0.38.4 by @dependabot[bot] in peter-evans/dockerhub-description#326

v5 by @peter-evans in peter-evans/dockerhub-description#327

Full Changelog: peter-evans/dockerhub-description@v4.0.2...v5.0.0

Commits

1b9a80c feat: v5 (#327)
ef9b19a build(deps-dev): bump @vercel/ncc from 0.38.3 to 0.38.4 (#326)
a48612b build(deps): bump actions/setup-node from 4 to 5 (#325)
08eafd1 build(deps): bump actions/checkout from 4 to 5 (#324)
a0bee1b build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#323)
2877192 build(deps): bump actions/download-artifact from 4 to 5 (#322)
444ccd3 build(deps): bump form-data from 3.0.1 to 3.0.4 (#321)
aca792b build(deps-dev): bump eslint-plugin-prettier from 5.5.1 to 5.5.3 (#320)
940963a build(deps-dev): bump eslint-plugin-prettier from 5.5.0 to 5.5.1 (#318)
0b249a1 build(deps-dev): bump prettier from 3.5.3 to 3.6.2 (#317)
Additional commits viewable in compare view

Updates github/codeql-action from 3.29.2 to 4.31.0

Release notes

Sourced from github/codeql-action's releases.

v4.31.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.0 - 24 Oct 2025

Bump minimum CodeQL bundle version to 2.17.6. #3223

When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

See the full CHANGELOG.md for more information.

v4.30.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.9 - 17 Oct 2025

Update default CodeQL bundle version to 2.23.3. #3205

Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

See the full CHANGELOG.md for more information.

v4.30.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.8 - 10 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.30.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.30.7 - 06 Oct 2025

[v4+ only] The CodeQL Action now runs on Node.js v24. #3169

See the full CHANGELOG.md for more information.

v3.31.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.0 - 24 Oct 2025

Bump minimum CodeQL bundle version to 2.17.6. #3223

When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

Update default CodeQL bundle version to 2.23.3. #3205

Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

[v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100

We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107

You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130

Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

Fixed a bug which could cause language autodetection to fail. #3084

Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

... (truncated)

Commits

4e94bd1 Merge pull request #3235 from github/update-v4.31.0-1d36546c1
8f11182 Update changelog for v4.31.0
1d36546 Merge pull request #3234 from github/mbg/changelog/post-processing
08ada26 Add changelog entry for post-processing change
b843cbe Merge pull request #3233 from github/mbg/getOptionalEnvVar
1ecd563 Use getOptionalEnvVar in writePostProcessedFiles
e576807 Merge pull request #3223 from github/henrymercer/bump-minimum
ad35676 Add getOptionalEnvVar function
d75645b Merge pull request #3222 from github/mbg/upload-lib/post-process
710606c Check that outputPath is non-empty
Additional commits viewable in compare view

Updates actions/setup-java from 4.7.1 to 5.0.0

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-java#888

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Upgrade Publish Immutable Action by @HarithaVattikuti in actions/setup-java#798

Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot[bot] in actions/setup-java#730

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-java#833

Upgrade form-data to bring in fix for critical vulnerability by @gowridurgad in actions/setup-java#887

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-java#896

Bug Fixes

Prevent default installation of JetBrains pre-releases by @priyagupta108 in actions/setup-java#859

Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failures by @gowridurgad in actions/setup-java#848

New Contributors

@gowridurgad made their first contribution in actions/setup-java#848

@salmanmkc made their first contribution in actions/setup-java#888

Full Changelog: actions/setup-java@v4...v5.0.0

Commits

dded088 Bump actions/checkout from 4 to 5 (#896)
0913e9a Upgrade to node 24 (#888)
e9343db Bumps form-data (#887)
ae2b61d Bump undici from 5.28.5 to 5.29.0 (#833)
c190c18 Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (#730)
67aec00 Fix: prevent default installation of JetBrains pre-releases (#859)
ebb356c Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failu...
f4f1212 Update publish-immutable-actions.yml (#798)
See full diff in compare view

Updates actions/upload-artifact from 4.6.2 to 5.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

New Contributors

@GhadimiR made their first contribution in actions/upload-artifact#681

@nebuk89 made their first contribution in actions/upload-artifact#712

@danwkennedy made their first contribution in actions/upload-artifact#727

@patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits

330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
03f2824 Update github.dep.yml
905a1ec Prepare v5.0.0
2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
9687587 Merge branch 'main' into patch-1
2848b2c Merge pull request #727 from danwkennedy/patch-1
9b51177 Spell out the first use of GHES
cd231ca Update GHES guidance to include reference to Node 20 version
de65e23 Merge pull request #712 from actions/nebuk89-patch-1
8747d8c Update README.md
Additional commits viewable in compare view

Updates checkmarx/kics-github-action from 2.1.11 to 2.1.15

Release notes

Sourced from checkmarx/kics-github-action's releases.

v2.1.15

What's Changed

Update kics to version 2.1.15 by @cx-bruno-silva in Checkmarx/kics-github-action#143

Full Changelog: Checkmarx/kics-github-action@v2.1.14...v2.1.15

v2.1.14

What's Changed

Update kics to version 2.1.14 by @cx-bruno-silva in Checkmarx/kics-github-action#141

Full Changelog: Checkmarx/kics-github-action@v2.1.13...v2.1.14

v2.1.13

What's Changed

bump kics version to 2-1-13 by @cx-monica-casanova in Checkmarx/kics-github-action#139

Full Changelog: Checkmarx/kics-github-action@v2.1.12...v2.1.13

v2.1.12

What's Changed

bumps kics version to 2.1.12 by @cx-monica-casanova in Checkmarx/kics-github-action#136

Full Changelog: Checkmarx/kics-github-action@v2.1.11...v2.1.12

Commits

86775e4 Update kics to version 2.1.15 (#143)
c11ca46 Update kics to version 2.1.14 (#141)
7145454 bump kics version to 2-1-13 (#139)
cd1f377 bumps kics version to 2.1.12 (#136)
See full diff in compare view

Updates amannn/action-semantic-pull-request from 5.5.3 to 6.1.1

Release notes

Sourced from amannn/action-semantic-pull-request's releases.

v6.1.1

6.1.1 (2025-08-22)

Bug Fixes

Parse headerPatternCorrespondence properly (#295) (800da4c)

v6.1.0

dependabot · 2025-11-17T02:18:30Z

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

…pdates Bumps the dependencies group with 12 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `5.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.4.0` | `6.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.6.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.7.0` | `5.8.0` | | [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) | `4.0.2` | `5.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.2` | `4.31.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `4.7.1` | `5.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` | | [checkmarx/kics-github-action](https://github.com/checkmarx/kics-github-action) | `2.1.11` | `2.1.15` | | [amannn/action-semantic-pull-request](https://github.com/amannn/action-semantic-pull-request) | `5.5.3` | `6.1.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.33.1` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.90.1` | `3.90.11` | Updates `actions/checkout` from 4.2.2 to 5.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@11bd719...08c6903) Updates `actions/setup-node` from 4.4.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@49933ea...2028fbc) Updates `docker/login-action` from 3.4.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@74a5d14...5e57cd1) Updates `docker/metadata-action` from 5.7.0 to 5.8.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@902fa8e...c1e5197) Updates `peter-evans/dockerhub-description` from 4.0.2 to 5.0.0 - [Release notes](https://github.com/peter-evans/dockerhub-description/releases) - [Commits](peter-evans/dockerhub-description@432a30c...1b9a80c) Updates `github/codeql-action` from 3.29.2 to 4.31.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@181d5ee...4e94bd1) Updates `actions/setup-java` from 4.7.1 to 5.0.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@c5195ef...dded088) Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) Updates `checkmarx/kics-github-action` from 2.1.11 to 2.1.15 - [Release notes](https://github.com/checkmarx/kics-github-action/releases) - [Commits](Checkmarx/kics-github-action@3545b74...86775e4) Updates `amannn/action-semantic-pull-request` from 5.5.3 to 6.1.1 - [Release notes](https://github.com/amannn/action-semantic-pull-request/releases) - [Changelog](https://github.com/amannn/action-semantic-pull-request/blob/main/CHANGELOG.md) - [Commits](amannn/action-semantic-pull-request@0723387...48f2562) Updates `aquasecurity/trivy-action` from 0.32.0 to 0.33.1 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@dc5a429...b6643a2) Updates `trufflesecurity/trufflehog` from 3.90.1 to 3.90.11 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Changelog](https://github.com/trufflesecurity/trufflehog/blob/main/.goreleaser.yml) - [Commits](trufflesecurity/trufflehog@907ac64...ad6fc8f) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/setup-node dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: docker/metadata-action dependency-version: 5.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: peter-evans/dockerhub-description dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: 4.31.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/setup-java dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: checkmarx/kics-github-action dependency-version: 2.1.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: amannn/action-semantic-pull-request dependency-version: 6.1.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: aquasecurity/trivy-action dependency-version: 0.33.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: trufflesecurity/trufflehog dependency-version: 3.90.11 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

sonarqubecloud · 2025-11-24T02:12:35Z

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

dependabot bot added dependabot github-actions labels Oct 27, 2025

github-project-automation bot added this to Portal Oct 27, 2025

dependabot bot added the github-actions label Oct 27, 2025

dependabot bot force-pushed the dependabot/github_actions/dependencies-54fdb51e34 branch from c44c741 to c1d9e97 Compare November 24, 2025 02:11

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the dependencies group across 1 directory with 12 updates #1665

build(deps): bump the dependencies group across 1 directory with 12 updates #1665

Uh oh!

dependabot bot commented on behalf of github Oct 27, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Nov 17, 2025

Uh oh!

sonarqubecloud bot commented Nov 24, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

build(deps): bump the dependencies group across 1 directory with 12 updates #1665

Are you sure you want to change the base?

build(deps): bump the dependencies group across 1 directory with 12 updates #1665

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.0

What's Changed

New Contributors

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v6.0.0

What's Changed

v5.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v3.6.0

v3.5.0

v5.8.0

Docker Hub Description v5.0.0

What's Changed

v4.31.0

CodeQL Action Changelog

4.31.0 - 24 Oct 2025

v4.30.9

CodeQL Action Changelog

4.30.9 - 17 Oct 2025

v4.30.8

CodeQL Action Changelog

4.30.8 - 10 Oct 2025

v4.30.7

CodeQL Action Changelog

4.30.7 - 06 Oct 2025

v3.31.0

CodeQL Action Changelog

CodeQL Action Changelog

[UNRELEASED]

4.31.0 - 24 Oct 2025

4.30.9 - 17 Oct 2025

4.30.8 - 10 Oct 2025

4.30.7 - 06 Oct 2025

3.30.6 - 02 Oct 2025

3.30.5 - 26 Sep 2025

3.30.4 - 25 Sep 2025

3.30.3 - 10 Sep 2025

3.30.2 - 09 Sep 2025

v5.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Bug Fixes

New Contributors

v5.0.0

What's Changed

New Contributors

v2.1.15

What's Changed

v2.1.14

What's Changed

v2.1.13

What's Changed

v2.1.12

What's Changed

v6.1.1

6.1.1 (2025-08-22)

dependabot bot commented on behalf of github Oct 27, 2025 •

edited

Loading