Skip to content

Bump the actions group across 1 directory with 10 updates #3733

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Bump the actions group across 1 directory with 10 updates #3733

wants to merge 4 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 18, 2025
edited
Loading

Bumps the actions group with 10 updates in the / directory:

Package From To
Swatinem/rust-cache 2.7.8 2.8.1
actions/download-artifact 4 5
actions/stale 9 10
dtolnay/rust-toolchain b3b07ba8b418998c39fb20f53e8b695cdcc8de1b 6d653acede28d24f02e3cd41383119e8b1b35921
crate-ci/typos 1.31.2 1.36.2
actions/setup-node 4 5
actions/upload-pages-artifact 3 4
actions/github-script 7 8
mikefarah/yq 4.45.1 4.47.2
slackapi/slack-github-action 2.0.0 2.1.1

Updates Swatinem/rust-cache from 2.7.8 to 2.8.1

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.8.1

What's Changed

New Contributors

Full Changelog: Swatinem/rust-cache@v2...v2.8.1

v2.8.0

What's Changed

New Contributors

Full Changelog: Swatinem/rust-cache@v2.7.8...v2.8.0

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.8.1

  • Set empty CARGO_ENCODED_RUSTFLAGS when retrieving metadata
  • Various dependency updates

2.8.0

  • Add support for warpbuild cache provider
  • Add new cache-workspace-crates feature

2.7.8

  • Include CPU arch in the cache key

2.7.7

  • Also cache cargo install metadata

2.7.6

  • Allow opting out of caching $CARGO_HOME/bin
  • Add runner OS in cache key
  • Adds an option to do lookup-only of the cache

2.7.5

  • Support Cargo.lock format cargo-lock v4
  • Only run macOsWorkaround() on macOS

2.7.3

  • Work around upstream problem that causes cache saving to hang for minutes.

2.7.2

  • Only key by Cargo.toml and Cargo.lock files of workspace members.

2.7.1

  • Update toml parser to fix parsing errors.

2.7.0

  • Properly cache trybuild tests.

2.6.2

  • Fix toml parsing.

... (truncated)

Commits
  • f13886b 2.8.1
  • 5abb1e2 update dependencies, prepare for release
  • 3c68c31 Bump @​types/node from 24.2.1 to 24.3.0 in the dev-minor group (#258)
  • 5467cca Update README.md (#234)
  • 94b28bf Bump actions/setup-node from 4 to 5 in the actions group (#259)
  • cb8ffc2 Bump typescript from 5.8.3 to 5.9.2 in the dev-minor group (#256)
  • c4f0bbd Bump @​types/node from 22.16.3 to 24.2.1 in the dev-major group (#255)
  • d8c5063 chore(dependabot): regenerate and commit dist/ (#257)
  • 267a8a9 Merge pull request #254 from Swatinem/dependabot/npm_and_yarn/prd-patch-d0e2e...
  • 46cb408 Bump the prd-patch group with 2 updates
  • Additional commits viewable in compare view

Updates actions/download-artifact from 4 to 5

Release notes

Sourced from actions/download-artifact's releases.

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

  • By name: name: my-artifact → extracted to path/ (direct)
  • By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

  • By name: name: my-artifact → extracted to path/ (unchanged)
  • By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:
  • You download artifacts by name
  • You download multiple artifacts by ID
  • You already use merge-multiple: true as a workaround
⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist
# Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

</tr></table>

... (truncated)

Commits
  • 634f93c Merge pull request #416 from actions/single-artifact-id-download-path
  • b19ff43 refactor: resolve download path correctly in artifact download tests (mainly ...
  • e262cbe bundle dist
  • bff23f9 update docs
  • fff8c14 fix download path logic when downloading a single artifact by id
  • 448e3f8 Merge pull request #407 from actions/nebuk89-patch-1
  • 47225c4 Update README.md
  • See full diff in compare view

Updates actions/stale from 9 to 10

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: actions/stale@v9...v10.0.0

v9.1.0

What's Changed

New Contributors

Full Changelog: actions/stale@v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

  1. Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.
  2. Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

What Else Changed

  1. Performance optimization that removes unnecessary API calls by @​dsame in #1033; fixes #792
  2. Logs displaying current GitHub API rate limit by @​dsame in #1032; addresses #1029

For more information, please read the action documentation and its section about statefulness

[4.1.1]

In scope of this release we updated actions/core to 1.10.0 for v4 and fixed issues operation count.

[8.0.0]

⚠️ This version contains breaking changes ⚠️

[7.0.0]

⚠️ Breaking change ⚠️

... (truncated)

Commits

Updates dtolnay/rust-toolchain from b3b07ba8b418998c39fb20f53e8b695cdcc8de1b to 6d653acede28d24f02e3cd41383119e8b1b35921

Commits
  • 6d653ac Merge pull request #171 from dtolnay/up
  • 30dc51d Update Linux arm64 runner to Ubuntu 24.04
  • e97e2d8 Update actions/checkout@v4 -> v5
  • 3bd6ba1 Merge pull request #168 from dtolnay/sed
  • 0185c06 Fix update-revs.sh to recognize only the intended required: true
  • 350b817 Merge pull request #166 from dtolnay/fix1
  • 6ded28b Try without comment?
  • cc2784c Merge pull request #165 from dtolnay/fix2
  • f6642a8 Try without backtick?
  • 5ee21dc Merge pull request #162 from dtolnay/pin
  • Additional commits viewable in compare view

Updates crate-ci/typos from 1.31.2 to 1.36.2

Release notes

Sourced from crate-ci/typos's releases.

v1.36.2

[1.36.2] - 2025-09-04

Fixes

  • Fix regression from 1.36.1 when rendering an error for a line with invalid UTF-8

v1.36.1

[1.36.1] - 2025-09-03

Fixes

  • Replaced the error rendering for various quality of life improvements

v1.36.0

[1.36.0] - 2025-09-02

Features

v1.35.8

[1.35.8] - 2025-09-02

v1.35.7

[1.35.7] - 2025-08-29

Documentation

  • Expand PyPI metadata

v1.35.6

[1.35.6] - 2025-08-28

Fixes

  • Track go.mod as a golang file (regression from 1.13.21)

v1.35.5

[1.35.5] - 2025-08-18

Fixes

  • Fix typo in correction to accidently
  • Fix typo in correction to dynamincally
  • Fix typo in correction to interruptability
  • Fix typo in correction to interruptability
  • Fix typo in correction to messager
  • Fix typo in correction to preferables
  • Fix typo in correction to producibles

... (truncated)

Changelog

Sourced from crate-ci/typos's changelog.

[1.36.2] - 2025-09-04

Fixes

  • Fix regression from 1.36.1 when rendering an error for a line with invalid UTF-8

[1.36.1] - 2025-09-03

Fixes

  • Replaced the error rendering for various quality of life improvements

[1.36.0] - 2025-09-02

Features

[1.35.8] - 2025-09-02

[1.35.7] - 2025-08-29

Documentation

  • Expand PyPI metadata

[1.35.6] - 2025-08-28

Fixes

  • Track go.mod as a golang file (regression from 1.13.21)

[1.35.5] - 2025-08-18

Fixes

  • Fix typo in correction to accidently
  • Fix typo in correction to dynamincally
  • Fix typo in correction to interruptability
  • Fix typo in correction to interruptability
  • Fix typo in correction to messager
  • Fix typo in correction to preferables
  • Fix typo in correction to producibles
  • Fix typo in correction to restauranteur
  • Fix typo in correction to restauranteurs
  • Fix typo in correction to searialize
  • Fix typo in correction to somethin
  • Fix typo in correction to unaccessible
  • Fix typo in correction to unnesessarily

... (truncated)

Commits

Updates actions/setup-node from 4 to 5

Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

... (truncated)

Commits

Updates actions/upload-pages-artifact from 3 to 4

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

See details of all code changes since previous release.

Commits
  • 7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
  • 4cc19c7 Pin actions/upload-artifact to SHA
  • 2d163be Merge pull request #107 from KittyChiu/main
  • c704843 fix: linted README
  • 9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
  • e59cdfe Update README.md
  • a2d6704 doc: updated usage section in readme
  • 984864e Merge pull request #105 from actions/Jcambass-patch-1
  • 45dc788 Add workflow file for publishing releases to immutable action package
  • efaad07 Merge pull request #102 from actions/hidden-files
  • Additional commits viewable in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

Updates mikefarah/yq from 4.45.1 to 4.47.2

Release notes

Sourced from mikefarah/yq's releases.

v4.47.2

v4.47.1 - Merge Anchor fixes (with flag)

  • Fixed merge anchor behaviour (<<); #2404, #2110, #2386, #2178 Huge thanks to @​stevenwdv! Note that you will need to set --yaml-fix-merge-anchor-to-spec to see the fixes
  • Fixed panic for syntax error when creating a map #2423
  • Bumped dependencies

v4.46.1 - INI support + bug fixes

  • Added INI support
  • Fixed 'add' operator when piped in with no data #2378, #2383, #2384
  • Fixed delete after slice problem (bad node path) #2387 Thanks @​antoinedeschenes
  • Fixed yq small build Thanks @​imzue
  • Switched to YAML org supported go-yaml!
  • Bumped dependencies

v4.45.4 - Fixing wrong map() behaviour on empty map

  • Fixing wrong map() behaviour on empty map #2359
  • Bumped dependencies

v4.45.3 - Fixes regression bug(s)

  • Fixing regression (#2353, #2359, #2325) introduced with in 4.45.2 with #2325 fix
  • Bumped dependencies

Sorry for the regression folks! 😓 fwiw I have since added automated tests to capture the scenarios provided in the regression bug tickets

v4.45.2

Changelog

Sourced from mikefarah/yq's changelog.

4.47.2:

4.47.1:

  • Fixed merge anchor behaviour (<<); #2404, #2110, #2386, #2178 Huge thanks to @​stevenwdv! Note that you will need to set --yaml-fix-merge-anchor-to-spec to see the fixes
  • Fixed panic for syntax error when creating a map #2423
  • Bumped dependencies

4.46.1:

  • Added INI support
  • Fixed 'add' operator when piped in with no data #2378, #2383, #2384
  • Fixed delete after slice problem (bad node path) #2387 Thanks @​antoinedeschenes
  • Fixed yq small build Thanks @​imzue
  • Switched to YAML org supported go-yaml!
  • Bumped dependencies

4.45.4:

  • Fixing wrong map() behaviour on empty map #2359
  • Bumped dependencies

4.45.3:

  • Fixing regression introduced with in 4.45.2 with #2325 fix 😓 sorry folks!
  • Bumped dependencies

4.45.2:

4.45.1:

  • Create parent directories when --split-exp is used, Thanks @​rudo-thomas
  • Bumped dependencies

4.44.6:

  • Fixed deleting items in array bug #2027,

@dependabot dependabot bot requested a review from a team as a code owner September 18, 2025 09:53
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 18, 2025
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 18, 2025
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-ac32cb7443 branch from d05c2fb to 294bfeb Compare October 1, 2025 13:04
@dependabot
Bump the actions group across 1 directory with 10 updates
d8f9ec6 
Bumps the actions group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [Swatinem/rust-cache](https://github.com/swatinem/rust-cache) | `2.7.8` | `2.8.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `5` |
| [actions/stale](https://github.com/actions/stale) | `9` | `10` |
| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `b3b07ba8b418998c39fb20f53e8b695cdcc8de1b` | `6d653acede28d24f02e3cd41383119e8b1b35921` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.31.2` | `1.36.2` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `5` |
| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `4` |
| [actions/github-script](https://github.com/actions/github-script) | `7` | `8` |
| [mikefarah/yq](https://github.com/mikefarah/yq) | `4.45.1` | `4.47.2` |
| [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `2.0.0` | `2.1.1` |



Updates `Swatinem/rust-cache` from 2.7.8 to 2.8.1
- [Release notes](https://github.com/swatinem/rust-cache/releases)
- [Changelog](https://github.com/Swatinem/rust-cache/blob/master/CHANGELOG.md)
- [Commits](Swatinem/rust-cache@9d47c6a...f13886b)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v5)

Updates `actions/stale` from 9 to 10
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9...v10)

Updates `dtolnay/rust-toolchain` from b3b07ba8b418998c39fb20f53e8b695cdcc8de1b to 6d653acede28d24f02e3cd41383119e8b1b35921
- [Release notes](https://github.com/dtolnay/rust-toolchain/releases)
- [Commits](dtolnay/rust-toolchain@b3b07ba...6d653ac)

Updates `crate-ci/typos` from 1.31.2 to 1.36.2
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](crate-ci/typos@v1.31.2...v1.36.2)

Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v5)

Updates `actions/upload-pages-artifact` from 3 to 4
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@v3...v4)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

Updates `mikefarah/yq` from 4.45.1 to 4.47.2
- [Release notes](https://github.com/mikefarah/yq/releases)
- [Changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt)
- [Commits](mikefarah/yq@8bf425b...6251e95)

Updates `slackapi/slack-github-action` from 2.0.0 to 2.1.1
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@v2.0.0...v2.1.1)

---
updated-dependencies:
- dependency-name: Swatinem/rust-cache
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: dtolnay/rust-toolchain
  dependency-version: 6d653acede28d24f02e3cd41383119e8b1b35921
  dependency-type: direct:production
  dependency-group: actions
- dependency-name: crate-ci/typos
  dependency-version: 1.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-pages-artifact
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: mikefarah/yq
  dependency-version: 4.47.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: slackapi/slack-github-action
  dependency-version: 2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-ac32cb7443 branch from 294bfeb to d8f9ec6 Compare October 2, 2025 11:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@franciszekjob franciszekjob franciszekjob approved these changes

@ksew1 ksew1 ksew1 approved these changes

@MKowalski8 MKowalski8 Awaiting requested review from MKowalski8 MKowalski8 is a code owner automatically assigned from foundry-rs/starknet-foundry

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@franciszekjob @ksew1 @cptartur