Bump the dependencies group with 5 updates by dependabot[bot] · Pull Request #63 · hyperpolymath/palimpsest-license

dependabot · 2025-12-24T07:28:47Z

Bumps the dependencies group with 5 updates:

Package	From	To
actions/checkout	`4`	`6`
denoland/setup-deno	`1`	`2`
github/codeql-action	`3`	`4`
webfactory/ssh-agent	`0.9.0`	`0.9.1`
ossf/scorecard-action	`2.3.1`	`2.4.3`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Commits

8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
See full diff in compare view

Updates denoland/setup-deno from 1 to 2

Release notes

Sourced from denoland/setup-deno's releases.

v2.0.0

What's Changed

feat: v2 by @lucacasonato in denoland/setup-deno#82

Full Changelog: denoland/setup-deno@v1.5.1...v2.0.0

v1.5.2

What's Changed

refactor: use GitHub downloads for stable version download by @crowlKats in denoland/setup-deno#91

Full Changelog: denoland/setup-deno@v1.5.1...v1.5.2

v1.5.1

What's Changed

fix: use npm install by @lucacasonato in denoland/setup-deno#77

Full Changelog: denoland/setup-deno@v1.5.0...v1.5.1

v1.5.0

What's Changed

feat: allow specifying binary name by @crowlKats in denoland/setup-deno#71

feat: support installing rc versions by @crowlKats in denoland/setup-deno#72

chore: migrate code to ESM by @lucacasonato in denoland/setup-deno#73

Full Changelog: denoland/setup-deno@v1.4.1...v1.5.0

1.4.1

What's Changed

docs: update readme

Full Changelog: denoland/setup-deno@1.4.0...v1.4.1

1.4.0

What's Changed

fix: use dl.deno.land for downloading binaries by @crowlKats in denoland/setup-deno#67

Full Changelog: denoland/setup-deno@v1.3.0...1.4.0

v1.3.0

What's Changed

feat: add "latest" as possible version by @crowlKats in denoland/setup-deno#65

1.3.0 by @crowlKats in denoland/setup-deno#66

Full Changelog: denoland/setup-deno@v1.2.0...v1.3.0

... (truncated)

Commits

e95548e 2.0.3 (#102)
8273ddd fix: switch back to package.json as it's necessary for GH actions (#101)
609c005 feat: include a hash of deno.lock files in the cache key automatically (#98)
aa0fea1 feat: add built-in caching via inputs (#89)
db3496c feat: add "lts" version option (#97)
d74ee56 refactor: convert action to TS and bundle code (#95)
909cc5a 2.0.2 (#92)
003ac26 refactor: use GitHub downloads for stable version download (#91)
7c6ecb3 feat: add problem matchers for deno lint (#62)
01524fa 2.0.1 (#86)
Additional commits viewable in compare view

Updates github/codeql-action from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

v3.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v3.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v3.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.31.5 - 24 Nov 2025

... (truncated)

Commits

7e0b77e Merge pull request #3349 from github/dependabot/github_actions/dot-github/wor...
0264b51 Merge pull request #3348 from github/dependabot/npm_and_yarn/npm-minor-38a2a7...
2ac846d Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-38a2a793c5
5d063dd Populate database upload results telemetry
8e921c3 Return status report from cleanupAndUploadDatabases
4b675e4 Merge pull request #3356 from github/mergeback/v4.31.8-to-main-1b168cd3
See full diff in compare view

Updates webfactory/ssh-agent from 0.9.0 to 0.9.1

Release notes

Sourced from webfactory/ssh-agent's releases.

v0.9.1

What's Changed

Acknowledge custom command inputs in cleanup.js by @janopae in webfactory/ssh-agent#235

New Contributors

@janopae made their first contribution in webfactory/ssh-agent#235

Full Changelog: webfactory/ssh-agent@v0.9.0...v0.9.1

Changelog

Sourced from webfactory/ssh-agent's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

v0.9.1 [2024-03-17]

Fixed

Fix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (#235)

v0.9.0 [2024-02-06]

Changed

Update all versions of actions/checkout to v4 (#199)

Update to Node 20 (#201)

v0.8.0 [2023-03-24]

Changed

No longer writing GitHub's SSH host keys to known_hosts (#171)

Update to actions/checkout@v3 (#143)

Allow the user to override the commands for git, ssh-agent, and ssh-add (#154)

v0.7.0 [2022-10-19]

Added

Add the log-public-key input that can be used to turn off logging key identities (#122)

Fixed

Fix path to git binary on Windows, assuming GitHub-hosted runners (#136, #137)

Fix a nonsensical log message (#139)

v0.6.0 [2022-10-19]

Changed

Update the version of Node used by the action from 12 to 16 (https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/).

v0.5.4 [2021-11-21]

Fixed

... (truncated)

Commits

a6f90b1 Release v0.9.1
72c0bfd Improve documentation on why we use os.userInfo()
e3f1a8e Acknowledge custom command inputs in cleanup.js (#235)
b504c19 Update CHANGELOG.md
See full diff in compare view

Updates ossf/scorecard-action from 2.3.1 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

docs: clarify GITHUB_TOKEN permissions needed for private repos by @pankajtaneja5 in ossf/scorecard-action#1574

📖 Fix recommended command to test the image in development by @deivid-rodriguez in ossf/scorecard-action#1583

Other

add missing top-level token permissions to workflows by @timothyklee in ossf/scorecard-action#1566

setup codeowners for requesting reviews by @spencerschrock in ossf/scorecard-action#1576

🌱 Improve printing options by @deivid-rodriguez in ossf/scorecard-action#1584

New Contributors

@timothyklee made their first contribution in ossf/scorecard-action#1566

@pankajtaneja5 made their first contribution in ossf/scorecard-action#1574

@deivid-rodriguez made their first contribution in ossf/scorecard-action#1584

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

v2.4.1

What's Changed

This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.

Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.

use Scorecard library entrypoint instead of Cobra hooking by @spencerschrock in ossf/scorecard-action#1423

Some errors were made into annotations to make them more visible

Make default branch error more prominent by @jsoref in ossf/scorecard-action#1459

There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.

add input for specifying --file-mode by @spencerschrock in ossf/scorecard-action#1509

The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

🌱 publish docker images to GitHub Container Registry by @spencerschrock in ossf/scorecard-action#1453

Docs

Installation docs update by @JeremiahAHoward in ossf/scorecard-action#1416

New Contributors

@JeremiahAHoward made their first contribution in ossf/scorecard-action#1416

@jsoref made their first contribution in ossf/scorecard-action#1459 Full Changelog: ossf/scorecard-action@v2.4.0...v2.4.1

v2.4.0

What's Changed

... (truncated)

Commits

4eaacf0 bump docker to ghcr v2.4.3 (#1587)
42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
92083b5 📖 Fix recommended command to test the image in development (#1583)
7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
c3f1350 🌱 Improve printing options (#1584)
43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependencies group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [denoland/setup-deno](https://github.com/denoland/setup-deno) | `1` | `2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.9.1` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.4.3` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4...v6) Updates `denoland/setup-deno` from 1 to 2 - [Release notes](https://github.com/denoland/setup-deno/releases) - [Commits](denoland/setup-deno@v1.0.0...v2) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](github/codeql-action@v3...v4) Updates `webfactory/ssh-agent` from 0.9.0 to 0.9.1 - [Release notes](https://github.com/webfactory/ssh-agent/releases) - [Changelog](https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md) - [Commits](webfactory/ssh-agent@dc588b6...a6f90b1) Updates `ossf/scorecard-action` from 2.3.1 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@v2.3.1...v2.4.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: denoland/setup-deno dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: webfactory/ssh-agent dependency-version: 0.9.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 24, 2025

dependabot bot force-pushed the dependabot/github_actions/dependencies-9dabc1efee branch from cf91f08 to 7f1eb88 Compare December 25, 2025 07:24

hyperpolymath merged commit 1f3cd91 into main Dec 25, 2025
2 of 22 checks passed

hyperpolymath deleted the dependabot/github_actions/dependencies-9dabc1efee branch December 25, 2025 08:09

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the dependencies group with 5 updates#63

Bump the dependencies group with 5 updates#63
hyperpolymath merged 1 commit intomainfrom
dependabot/github_actions/dependencies-9dabc1efee

dependabot bot commented on behalf of github Dec 24, 2025 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

v2.0.0

What's Changed

v1.5.2

What's Changed

v1.5.1

What's Changed

v1.5.0

What's Changed

1.4.1

What's Changed

1.4.0

What's Changed

v1.3.0

What's Changed

v3.31.9

CodeQL Action Changelog

3.31.9 - 16 Dec 2025

v3.31.8

CodeQL Action Changelog

3.31.8 - 11 Dec 2025

v3.31.7

CodeQL Action Changelog

3.31.7 - 05 Dec 2025

v3.31.6

CodeQL Action Changelog

3.31.6 - 01 Dec 2025

v3.31.5

CodeQL Action Changelog

3.31.5 - 24 Nov 2025

v0.9.1

What's Changed

New Contributors

Changelog

[Unreleased]

v0.9.1 [2024-03-17]

Fixed

v0.9.0 [2024-02-06]

Changed

v0.8.0 [2023-03-24]

Changed

v0.7.0 [2022-10-19]

Added

Fixed

v0.6.0 [2022-10-19]

Changed

v0.5.4 [2021-11-21]

Fixed

v2.4.3

What's Changed

Documentation

Other

New Contributors

v2.4.2

What's Changed

v2.4.1

What's Changed

Docs

New Contributors

v2.4.0

What's Changed

Uh oh!

Uh oh!

Reviewers

dependabot bot commented on behalf of github Dec 24, 2025 •

edited

Loading