Skip to content

deps(ci): bump the github-actions group with 6 updates #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

deps(ci): bump the github-actions group with 6 updates #46

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Dec 3, 2025
edited
Loading

Bumps the github-actions group with 6 updates:

Package From To
actions/checkout 4 6
codecov/codecov-action 4 5
actions/setup-node 4 6
actions/configure-pages 4 5
actions/upload-pages-artifact 3 4
EmbarkStudios/cargo-deny-action 1 2

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates codecov/codecov-action from 4 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Commits

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Updates actions/configure-pages from 4 to 5

Release notes

Sourced from actions/configure-pages's releases.

v5.0.0

Breaking Changes

⚠️ This version contains breaking changes! ⚠️

Full Changelog

See details of all code changes since previous release.

Commits
  • 983d773 Merge pull request #139 from actions/config-auto-detect
  • 9cf6e24 Tweak comment
  • f304bd8 Update distributables
  • 215cd51 Attempt to detect existing config files matching the expected basename plus o...
  • e9382ac Front-load the file extension warning
  • 7781abd Merge pull request #138 from actions/error-utils
  • fc47e3c Update distributables
  • 9c9f8a2 Update tests to use the Octokit RequestError class
  • 9a4705d Update distributables
  • f6ded38 Fix syntax error and formatting
  • Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 3 to 4

Release notes

Sourced from actions/upload-pages-artifact's releases.

v4.0.0

What's Changed

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

v3.0.1

Changelog

See details of all code changes since previous release.

Commits
  • 7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
  • 4cc19c7 Pin actions/upload-artifact to SHA
  • 2d163be Merge pull request #107 from KittyChiu/main
  • c704843 fix: linted README
  • 9605915 Merge pull request #106 from KittyChiu/kittychiu/update-readme-1
  • e59cdfe Update README.md
  • a2d6704 doc: updated usage section in readme
  • 984864e Merge pull request #105 from actions/Jcambass-patch-1
  • 45dc788 Add workflow file for publishing releases to immutable action package
  • efaad07 Merge pull request #102 from actions/hidden-files
  • Additional commits viewable in compare view

Updates EmbarkStudios/cargo-deny-action from 1 to 2

Release notes

Sourced from EmbarkStudios/cargo-deny-action's releases.

Release 2.0.14 - cargo-deny 0.18.6

0.18.5

Changed

  • PR#789 changed it so that release binaries are now built with LTO.
  • PR#790 and PR#794 updated various crates.

Added

  • PR#790 added SARIF as an output format, usable via --format sarif. The current output for this format is experimental and may change in future updates.

0.18.6

Fixed

  • PR#805 updated rustsec to 0.31, resolving #804.
  • PR#810 resolved #809 by printing the crate name and version when its manifest does not contain a license expression.

Added

  • PR#807 added the unused-license-exception option to configure the lint level, resolving #806.

Changed

Release 2.0.13 - cargo-deny 0.18.4

Added

  • PR#779 added the --metadata-path argument to use a cargo metadata JSON file instead of calling cargo metadata, resolving #777.
  • PR#782 added sources.unused-allow-source to allow configuration of the lint level when a source is allowed but not used by any crate in the graph, closing #781.

Changed

  • PR#786 changed the license check output. / is no longer corrected to OR, and if the license expression is found in the package's manifest, that span is used in diagnostic messages instead of the synthesized manifest.

Fixed

  • PR#786 resolved #784 by updating spdx to a new version that forces all GNU licenses to be exactly equal when comparing license expressions to licensee expressions, which is incredibly pedantic, but means the license comparison is entirely in the hands of the user so that I no longer have to deal with GNU licenses.

Release 2.0.12 - cargo-deny 0.18.3

Changed

  • PR#773 changed cargo-deny's duplicate detection to automatically ignore versions whose only dependent is another version of the same crate.

Release 2.0.9 - cargo-deny 0.18.0

  • d8395c1 removed the rustup update.

Release 2.0.7 - cargo-deny 0.18.0

  • PR#92 fixed an issue introduced by the latest rustup release.

Release 2.0.6 - cargo-deny 0.18.0

Changed

  • PR#746 changed the directory naming of advisory databases, again, so the name uses the last path component and a different, but also stable, hashing algorithm. Eg. the default https://github.com/rustsec/advisory-db will now be placed in $CARGO_HOME/advisory-dbs/advisory-db-3157b0e258782691.
  • PR#746 changed the MSRV to 1.85.0 and uses edition 2024.

Fixed

  • PR#746 fixes an issue when using cargo 1.85.0 where source urls were not being properly assigned to crates.io due to the constant being used no longer matching the new path used in cargo 1.85.0 causing eg. workspace dependency checks to fail.

Release 2.0.5 - cargo-deny 0.17.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 3, 2025
@dependabot
deps(ci): bump the github-actions group with 6 updates
3ef0575 
Bumps the github-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |
| [actions/configure-pages](https://github.com/actions/configure-pages) | `4` | `5` |
| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3` | `4` |
| [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) | `1` | `2` |


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

Updates `actions/configure-pages` from 4 to 5
- [Release notes](https://github.com/actions/configure-pages/releases)
- [Commits](actions/configure-pages@v4...v5)

Updates `actions/upload-pages-artifact` from 3 to 4
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@v3...v4)

Updates `EmbarkStudios/cargo-deny-action` from 1 to 2
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](EmbarkStudios/cargo-deny-action@v1...v2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/configure-pages
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-pages-artifact
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-9d54285262 branch from 7e766e0 to 3ef0575 Compare December 8, 2025 15:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants