Bump the actions group across 1 directory with 5 updates #2218

dependabot · 2025-10-04T04:27:47Z

Bumps the actions group with 5 updates in the / directory:

Package	From	To
mongodb-labs/drivers-github-tools	`2`	`3`
actions/labeler	`5`	`6`
ossf/scorecard-action	`2.4.2`	`2.4.3`
actions/setup-python	`5`	`6`
actions/setup-go	`5`	`6`

Updates mongodb-labs/drivers-github-tools from 2 to 3

Commits

3bc6b73 fix syntax
c4f582f fix tag handling
2630feb DRIVERS-3232 Fix second aws credential handling
0e9d300 DRIVERS-3232 Fix version bump (#93)
98d0577 DRIVERS-3232 Move ECR login to before Assuming Team Role (#92)
4e6efbd DRIVERS-3232 Fix tag command (#91)
6514a85 DRIVERS-3232 Use ECR instead of artifactory and update to v3 (#84)
0eb77c2 Updates to DBX Ruby release process (#86)
See full diff in compare view

Updates actions/labeler from 5 to 6

Release notes

Sourced from actions/labeler's releases.

v6.0.0

What's Changed

Add workflow file for publishing releases to immutable action package by @jcambass in actions/labeler#802

Breaking Changes

Upgrade Node.js version to 24 in action and dependencies @salmanmkc in actions/labeler#891 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Dependency Upgrades

Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by @dependabot[bot] in actions/labeler#711

Upgrade eslint from 8.52.0 to 8.55.0 by @dependabot[bot] in actions/labeler#720

Upgrade @types/jest from 29.5.6 to 29.5.11 by @dependabot[bot] in actions/labeler#719

Upgrade @types/js-yaml from 4.0.8 to 4.0.9 by @dependabot[bot] in actions/labeler#718

Upgrade @typescript-eslint/parser from 6.9.0 to 6.14.0 by @dependabot[bot] in actions/labeler#717

Upgrade prettier from 3.0.3 to 3.1.1 by @dependabot[bot] in actions/labeler#726

Upgrade eslint from 8.55.0 to 8.56.0 by @dependabot[bot] in actions/labeler#725

Upgrade @typescript-eslint/parser from 6.14.0 to 6.19.0 by @dependabot[bot] in actions/labeler#745

Upgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by @dependabot[bot] in actions/labeler#744

Upgrade @typescript-eslint/eslint-plugin from 6.9.0 to 6.20.0 by @dependabot[bot] in actions/labeler#750

Upgrade prettier from 3.1.1 to 3.2.5 by @dependabot[bot] in actions/labeler#752

Upgrade undici from 5.26.5 to 5.28.3 by @dependabot[bot] in actions/labeler#757

Upgrade braces from 3.0.2 to 3.0.3 by @dependabot[bot] in actions/labeler#789

Upgrade minimatch from 9.0.3 to 10.0.1 by @dependabot[bot] in actions/labeler#805

Upgrade @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in actions/labeler#811

Upgrade typescript from 5.4.3 to 5.7.2 by @dependabot[bot] in actions/labeler#819

Upgrade @typescript-eslint/parser from 7.3.1 to 8.17.0 by @dependabot[bot] in actions/labeler#824

Upgrade prettier from 3.2.5 to 3.4.2 by @dependabot[bot] in actions/labeler#825

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/labeler#827

Upgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by @dependabot[bot] in actions/labeler#832

Upgrade ts-jest from 29.1.2 to 29.2.5 by @dependabot[bot] in actions/labeler#831

Upgrade @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot[bot] in actions/labeler#830

Upgrade typescript from 5.7.2 to 5.7.3 by @dependabot[bot] in actions/labeler#835

Upgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by @dependabot[bot] in actions/labeler#839

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/labeler#842

Upgrade @octokit/request-error from 5.0.1 to 5.1.1 by @dependabot[bot] in actions/labeler#846

Documentation changes

Add note regarding pull_request_target to README.md by @silverwind in actions/labeler#669

Update readme with additional examples and important note about pull_request_target event by @IvanZosimov in actions/labeler#721

Document update - permission section by @harithavattikuti in actions/labeler#840

Improvement in documentation for pull_request_target event usage in README by @suyashgaonkar in actions/labeler#871

Fix broken links in documentation by @suyashgaonkar in actions/labeler#822

New Contributors

@silverwind made their first contribution in actions/labeler#669

@Jcambass made their first contribution in actions/labeler#802

@suyashgaonkar made their first contribution in actions/labeler#822

@HarithaVattikuti made their first contribution in actions/labeler#840

@salmanmkc made their first contribution in actions/labeler#891

... (truncated)

Commits

634933e publish-action upgrade to 0.4.0 from 0.2.2 (#901)
f1a63e8 Update Node.js version to 24 in action and dependencies (#891)
b0a1180 Bump @octokit/request-error from 5.0.1 to 5.1.1 (#846)
110d441 Update README.md (#871)
bee50fe Bump undici from 5.28.4 to 5.28.5 (#842)
6463cdb Bump eslint-plugin-jest from 28.9.0 to 28.11.0 (#839)
c209686 Bump typescript from 5.7.2 to 5.7.3 (#835)
5184940 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#830)
3629d55 Document update - permission section (#840)
d24f7f3 Bump ts-jest from 29.1.2 to 29.2.5 (#831)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.4.2 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

docs: clarify GITHUB_TOKEN permissions needed for private repos by @pankajtaneja5 in ossf/scorecard-action#1574

📖 Fix recommended command to test the image in development by @deivid-rodriguez in ossf/scorecard-action#1583

Other

add missing top-level token permissions to workflows by @timothyklee in ossf/scorecard-action#1566

setup codeowners for requesting reviews by @spencerschrock in ossf/scorecard-action#1576

🌱 Improve printing options by @deivid-rodriguez in ossf/scorecard-action#1584

New Contributors

@timothyklee made their first contribution in ossf/scorecard-action#1566

@pankajtaneja5 made their first contribution in ossf/scorecard-action#1574

@deivid-rodriguez made their first contribution in ossf/scorecard-action#1584

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

Commits

4eaacf0 bump docker to ghcr v2.4.3 (#1587)
42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
92083b5 📖 Fix recommended command to test the image in development (#1583)
7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
c3f1350 🌱 Improve printing options (#1584)
43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

Commits

e797f83 Upgrade to node 24 (#1164)
3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
5b668cf Bump actions/checkout from 4 to 5 (#1181)
f62a0e2 Change missing cache directory error to warning (#1182)
9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
36da51d Add version parsing from Pipfile (#1067)
3c6f142 update documentation (#1156)
Additional commits viewable in compare view

Updates actions/setup-go from 5 to 6

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @matthewhughes934 in actions/setup-go#460

Upgrade Nodejs runtime from node20 to node 24 by @salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/setup-go#589

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-go#591

Upgrade @typescript-eslint/parser from 8.31.1 to 8.35.1 by @dependabot[bot] in actions/setup-go#590

Upgrade undici from 5.28.5 to 5.29.0 by @dependabot[bot] in actions/setup-go#594

Upgrade typescript from 5.4.2 to 5.8.3 by @dependabot[bot] in actions/setup-go#538

Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @dependabot[bot] in actions/setup-go#603

Upgrade form-data to bring in fix for critical vulnerability by @matthewhughes934 in actions/setup-go#618

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-go#631

New Contributors

@matthewhughes934 made their first contribution in actions/setup-go#618

@salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.5.0

What's Changed

Bug fixes:

Update self-hosted environment validation by @priyagupta108 in actions/setup-go#556

Add manifest validation and improve error handling by @priyagupta108 in actions/setup-go#586

Update template link by @jsoref in actions/setup-go#527

Dependency updates:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in actions/setup-go#574

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-go#573

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-go#582

Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @dependabot in actions/setup-go#537

New Contributors

@jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

v5.4.0

What's Changed

Dependency updates :

Upgrade semver from 7.6.0 to 7.6.3 by @dependabot in actions/setup-go#535

Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @dependabot in actions/setup-go#536

Upgrade @action/cache from 4.0.0 to 4.0.2 by @aparnajyothi-y in actions/setup-go#568

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in actions/setup-go#541

... (truncated)

Commits

4469467 Bump actions/checkout from 4 to 5 (#631)
e093d1e Node 24 upgrade (#624)
1d76b95 Improve toolchain handling (#460)
e75c3e8 Bump form-data to bring in fix for critical vulnerability (#618)
8e57b58 Bump eslint-plugin-jest from 28.11.0 to 29.0.1 (#603)
7c0b336 Bump typescript from 5.4.2 to 5.8.3 (#538)
6f26dcc Bump undici from 5.28.5 to 5.29.0 (#594)
8d4083a Bump @typescript-eslint/parser from 5.62.0 to 8.32.0 (#590)
fa96338 Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#591)
4de67c0 Bump @types/jest from 29.5.12 to 29.5.14 (#589)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [mongodb-labs/drivers-github-tools](https://github.com/mongodb-labs/drivers-github-tools) | `2` | `3` | | [actions/labeler](https://github.com/actions/labeler) | `5` | `6` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | Updates `mongodb-labs/drivers-github-tools` from 2 to 3 - [Release notes](https://github.com/mongodb-labs/drivers-github-tools/releases) - [Commits](mongodb-labs/drivers-github-tools@v2...v3) Updates `actions/labeler` from 5 to 6 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@v5...v6) Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@05b42c6...4eaacf0) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) --- updated-dependencies: - dependency-name: mongodb-labs/drivers-github-tools dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/labeler dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>

mongodb-drivers-pr-bot · 2025-10-04T04:31:53Z

🧪 Performance Results

Commit SHA: fc2d33c

The following benchmark tests for version 68e0a247f260da00077260b8 had statistically significant changes (i.e., |z-score| > 1.96):

Benchmark	Measurement	% Change	Patch Value	Stable Region	H-Score	Z-Score
BenchmarkBSONFullDocumentDecoding	total_bytes_allocated	14.8735	409441384.0000	Avg: 356428068.9091 Med: 360143680.0000 Stdev: 20551053.1642	0.8348	2.5796
BenchmarkBSONFlatDocumentEncoding	total_mem_allocs	13.5632	262745.0000	Avg: 231364.4690 Med: 231799.0000 Stdev: 7007.6800	0.8811	4.4780
BenchmarkBSONFlatDocumentEncoding	total_bytes_allocated	13.5025	543761144.0000	Avg: 479074249.7699 Med: 479913704.0000 Stdev: 14431557.6550	0.8812	4.4823
BenchmarkBSONFullDocumentDecoding	total_mem_allocs	12.7985	9896736.0000	Avg: 8773820.6042 Med: 8779734.5000 Stdev: 288604.3175	0.8764	3.8908
BenchmarkBSONFullDocumentEncoding	total_bytes_allocated	9.0568	264842632.0000	Avg: 242848379.7522 Med: 242696304.0000 Stdev: 4809646.2804	0.8853	4.5729
BenchmarkBSONFullDocumentEncoding	ns_per_op	-1.2645	23269.0000	Avg: 23567.0000 Med: 23567.0000 Stdev: 21.2132	0.9748	-14.0479
BenchmarkBSONFullDocumentDecoding	ns_per_op	0.8634	75003.0000	Avg: 74361.0000 Med: 74361.0000 Stdev: 67.8823	0.9626	9.4576
BenchmarkBSONFlatDocumentEncoding	allocated_bytes_per_op	-0.1867	6260.0000	Avg: 6271.7080 Med: 6272.0000 Stdev: 2.8806	0.8646	-4.0644
BenchmarkBSONFullDocumentEncoding	allocated_bytes_per_op	-0.1199	5196.0000	Avg: 5202.2389 Med: 5202.0000 Stdev: 2.1140	0.8151	-2.9512
BenchmarkBSONFullDocumentDecoding	allocated_bytes_per_op	-0.0103	25321.0000	Avg: 25323.6042 Med: 25324.0000 Stdev: 1.0865	0.7931	-2.3969

For a comprehensive view of all microbenchmark results for this PR's commit, please check out the Evergreen perf task for this patch.

mongodb-drivers-pr-bot · 2025-10-04T04:43:50Z

API Change Report

No changes found!

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 4, 2025

dependabot bot requested a review from a team as a code owner October 4, 2025 04:27

dependabot bot requested a review from matthewdale October 4, 2025 04:27

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 4, 2025

matthewdale requested review from qingyang-hu and removed request for matthewdale October 6, 2025 18:07

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the actions group across 1 directory with 5 updates #2218

Bump the actions group across 1 directory with 5 updates #2218

dependabot bot commented on behalf of github Oct 4, 2025 •

edited

Loading

Uh oh!

mongodb-drivers-pr-bot bot commented Oct 4, 2025

Uh oh!

mongodb-drivers-pr-bot bot commented Oct 4, 2025

Uh oh!

Uh oh!

Bump the actions group across 1 directory with 5 updates #2218

Are you sure you want to change the base?

Bump the actions group across 1 directory with 5 updates #2218

Conversation

dependabot bot commented on behalf of github Oct 4, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Documentation changes

New Contributors

v2.4.3

What's Changed

Documentation

Other

New Contributors

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

New Contributors

v5.5.0

What's Changed

Bug fixes:

Dependency updates:

New Contributors

v5.4.0

What's Changed

Dependency updates :

Uh oh!

mongodb-drivers-pr-bot bot commented Oct 4, 2025

🧪 Performance Results

Uh oh!

mongodb-drivers-pr-bot bot commented Oct 4, 2025

API Change Report

Uh oh!

Uh oh!

dependabot bot commented on behalf of github Oct 4, 2025 •

edited

Loading