Skip to content

deps(actions): bump the github-actions group with 14 updates #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

deps(actions): bump the github-actions group with 14 updates #4

dependabot wants to merge 1 commit into from
+95 −95

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 5, 2026
edited
Loading

Bumps the github-actions group with 14 updates:

Package From To
actions/checkout 4.3.1 6.0.1
actions/cache 4.3.0 5.0.1
actions/upload-artifact 4.6.2 6.0.0
actions/download-artifact 4 7
peter-evans/repository-dispatch 3 4
mozilla-actions/sccache-action 676c0e67b665684f17941acf5cc3af83bcf10228 9e326ebed976843c9932b3aa0e021c6f50310eb4
EmbarkStudios/cargo-deny-action ef301417264190a1eb9f26fcf171642070085c5b 3f4a782664881cf5725d0ffd23969fcce89fd868
codecov/codecov-action 4.6.0 5.5.2
actions/labeler 5.0.0 6.0.1
actions/setup-node 4 6
actions/setup-python 5 6
gitleaks/gitleaks-action dcedce43c6f43de0b836d1fe38946645c9c638dc ff98106e4c7b2bc287b24eaf42907196329070c7
actions/dependency-review-action 46a3c492319c890177366b6ef46d6b4f89743ed4 3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261
actions/stale 9.1.0 10.1.1

Updates actions/checkout from 4.3.1 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates actions/cache from 4.3.0 to 5.0.1

Release notes

Sourced from actions/cache's releases.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

What's Changed

v5.0.0

What's Changed

Full Changelog: actions/cache@v5...v5.0.1

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.1

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

... (truncated)

Commits
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • d0a0e18 fix: update license files for @​actions/cache, fast-xml-parser, and strnum
  • 74de208 fix: update @​actions/cache to ^5.0.1 for Node.js 24 punycode fix
  • ac7f115 peer
  • b0f846b fix: update @​actions/cache with storage-blob fix for Node.js 24 punycode depr...
  • a783357 Merge pull request #1684 from actions/prepare-cache-v5-release
  • 3bb0d78 docs: highlight v5 runner requirement in releases
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Updates actions/download-artifact from 4 to 7

Release notes

Sourced from actions/download-artifact's releases.

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

New Contributors

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/download-artifact@v5...v6.0.0

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

... (truncated)

Commits
  • 37930b1 Merge pull request #452 from actions/download-artifact-v7-release
  • 72582b9 doc: update readme
  • 0d2ec9d chore: release v7.0.0 for Node.js 24 support
  • fd7ae8f Merge pull request #451 from actions/fix-storage-blob
  • d484700 chore: restore minimatch.dep.yml license file
  • 03a8080 chore: remove obsolete dependency license files
  • 56fe6d9 chore: update @​actions/artifact license file to 5.0.1
  • 8e3ebc4 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • 1e3c4b4 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • 458627d chore: use local @​actions/artifact package for Node.js 24 testing
  • Additional commits viewable in compare view

Updates peter-evans/repository-dispatch from 3 to 4

Release notes

Sourced from peter-evans/repository-dispatch's releases.

Repository Dispatch v4.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

... (truncated)

Commits
  • 28959ce Fix node version in actions.yml (#433)
  • 25d29c2 build(deps-dev): bump @​types/node in the npm group (#432)
  • 830136c build(deps): bump the github-actions group with 3 updates (#431)
  • 2c856c6 ci: update dependabot config
  • 6673907 build(deps-dev): bump @​types/node from 18.19.127 to 18.19.129 (#429)
  • 952a211 build(deps): bump peter-evans/repository-dispatch from 3 to 4 (#428)
  • 5fc4efd docs: update readme
  • a628c95 feat: v4 (#427)
  • de78ac1 build(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 (#425)
  • f49fa7f build(deps-dev): bump @​types/node from 18.19.124 to 18.19.127 (#426)
  • Additional commits viewable in compare view

Updates mozilla-actions/sccache-action from 676c0e67b665684f17941acf5cc3af83bcf10228 to 9e326ebed976843c9932b3aa0e021c6f50310eb4

Commits

Updates EmbarkStudios/cargo-deny-action from ef301417264190a1eb9f26fcf171642070085c5b to 3f4a782664881cf5725d0ffd23969fcce89fd868

Commits

Updates codecov/codecov-action from 4.6.0 to 5.5.2

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.2

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

v5.5.1

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v5.5.0...v5.5.1

v5.5.0

What's Changed

New Contributors

Full Changelog: codecov/codecov-action@v5.4.3...v5.5.0

v5.4.3

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 5, 2026

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from Lenvanderhof as a code owner January 5, 2026 19:46
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-232336f654 branch from c59afac to aaa5782 Compare January 9, 2026 01:17
@Lenvanderhof Lenvanderhof enabled auto-merge (squash) January 9, 2026 07:18
@dependabot
deps(actions): bump the github-actions group with 14 updates
33b147a 
Bumps the github-actions group with 14 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.1` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `7` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3` | `4` |
| [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) | `676c0e67b665684f17941acf5cc3af83bcf10228` | `9e326ebed976843c9932b3aa0e021c6f50310eb4` |
| [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) | `ef301417264190a1eb9f26fcf171642070085c5b` | `3f4a782664881cf5725d0ffd23969fcce89fd868` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4.6.0` | `5.5.2` |
| [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.0.1` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` |
| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `dcedce43c6f43de0b836d1fe38946645c9c638dc` | `ff98106e4c7b2bc287b24eaf42907196329070c7` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `46a3c492319c890177366b6ef46d6b4f89743ed4` | `3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261` |
| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.1.1` |


Updates `actions/checkout` from 4.3.1 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@34e1148...8e8c483)

Updates `actions/cache` from 4.3.0 to 5.0.1
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...9255dc7)

Updates `actions/upload-artifact` from 4.6.2 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...b7c566a)

Updates `actions/download-artifact` from 4 to 7
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v7)

Updates `peter-evans/repository-dispatch` from 3 to 4
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](peter-evans/repository-dispatch@v3...v4)

Updates `mozilla-actions/sccache-action` from 676c0e67b665684f17941acf5cc3af83bcf10228 to 9e326ebed976843c9932b3aa0e021c6f50310eb4
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](Mozilla-Actions/sccache-action@676c0e6...9e326eb)

Updates `EmbarkStudios/cargo-deny-action` from ef301417264190a1eb9f26fcf171642070085c5b to 3f4a782664881cf5725d0ffd23969fcce89fd868
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](EmbarkStudios/cargo-deny-action@ef30141...3f4a782)

Updates `codecov/codecov-action` from 4.6.0 to 5.5.2
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@b9fd7d1...671740a)

Updates `actions/labeler` from 5.0.0 to 6.0.1
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](actions/labeler@8558fd7...634933e)

Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `gitleaks/gitleaks-action` from dcedce43c6f43de0b836d1fe38946645c9c638dc to ff98106e4c7b2bc287b24eaf42907196329070c7
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@dcedce4...ff98106)

Updates `actions/dependency-review-action` from 46a3c492319c890177366b6ef46d6b4f89743ed4 to 3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@46a3c49...3c4e3dc)

Updates `actions/stale` from 9.1.0 to 10.1.1
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5bef64f...9971854)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/repository-dispatch
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: mozilla-actions/sccache-action
  dependency-version: 9e326ebed976843c9932b3aa0e021c6f50310eb4
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: 3f4a782664881cf5725d0ffd23969fcce89fd868
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/labeler
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: gitleaks/gitleaks-action
  dependency-version: ff98106e4c7b2bc287b24eaf42907196329070c7
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: actions/dependency-review-action
  dependency-version: 3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-version: 10.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-232336f654 branch from aaa5782 to 33b147a Compare January 9, 2026 07:36
@Lenvanderhof Lenvanderhof requested a review from Copilot January 9, 2026 14:11
Copilot AI reviewed Jan 9, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates 14 GitHub Actions dependencies to their latest versions, including several major version bumps. The changes bring support for Node.js 24 runtime and improve compatibility with the latest GitHub Actions features.

Key Changes:

  • Major version updates for core actions (checkout v4→v6, cache v4→v5, upload-artifact v4→v6, download-artifact v4→v7)
  • Updates to SHA-based references for security-focused actions (sccache, cargo-deny, gitleaks)
  • Version bumps for third-party actions (codecov v4→v5, labeler v5→v6, stale v9→v10, peter-evans/repository-dispatch v3→v4)

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 76 comments.

Show a summary per file
File Description
.github/workflows/stale.yml Updated actions/stale SHA reference for v10
.github/workflows/security.yml Updated checkout, upload-artifact, cache, cargo-deny, gitleaks, and dependency-review actions
.github/workflows/release.yml Updated checkout, upload-artifact, download-artifact, setup-node, setup-python, and repository-dispatch actions
.github/workflows/quality-gates.yml Updated checkout, upload-artifact, cache, and cargo-deny actions
.github/workflows/labeler.yml Updated actions/labeler SHA reference for v6
.github/workflows/ci.yml Updated checkout, sccache, upload-artifact, download-artifact, cache, cargo-deny, and codecov actions
.github/workflows/brand-assets.yml Updated checkout, upload-artifact, download-artifact, and repository-dispatch actions
.github/workflows/benchmark.yml Updated checkout, cache, and upload-artifact actions

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/security.yml

steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/checkout is being updated from 4.3.1 to 6.0.1. The comment should be updated to "# v6" to accurately reflect the major version.

Copilot uses AI. Check for mistakes.
.github/workflows/release.yml
- name: Upload changelog artifact
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/upload-artifact is being updated from 4.6.2 to 6.0.0. The comment should be updated to "# v6" to accurately reflect the major version.

Suggested change
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6

Copilot uses AI. Check for mistakes.
.github/workflows/ci.yml

- name: Download shell completions
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/download-artifact is being updated from 4 to 7. The comment should be updated to "# v7" to accurately reflect the major version.

Copilot uses AI. Check for mistakes.
.github/workflows/benchmark.yml
steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/checkout is being updated from 4.3.1 to 6.0.1. The comment should be updated to "# v6" to accurately reflect the major version.

Suggested change
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6

Copilot uses AI. Check for mistakes.
.github/workflows/security.yml
- name: Upload license report
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/upload-artifact is being updated from 4.6.2 to 6.0.0. The comment should be updated to "# v6" to accurately reflect the major version.

Suggested change
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6

Copilot uses AI. Check for mistakes.
.github/workflows/release.yml
- name: Upload artifact (Unix)
if: runner.os != 'Windows'
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/upload-artifact is being updated from 4.6.2 to 6.0.0. The comment should be updated to "# v6" to accurately reflect the major version.

Copilot uses AI. Check for mistakes.
.github/workflows/quality-gates.yml
steps:
- name: Checkout repository
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/checkout is being updated from 4.3.1 to 6.0.1. The comment should be updated to "# v6" to accurately reflect the major version.

Suggested change
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6

Copilot uses AI. Check for mistakes.
.github/workflows/ci.yml

steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/checkout is being updated from 4.3.1 to 6.0.1. The comment should be updated to "# v6" to accurately reflect the major version.

Copilot uses AI. Check for mistakes.
.github/workflows/benchmark.yml

- name: Cache cargo
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/cache is being updated from 4.3.0 to 5.0.1. The comment should be updated to "# v5" to accurately reflect the major version.

Suggested change
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v4
uses: actions/cache@9255dc7a253b0ccc959486e2bca901246202afeb # v5

Copilot uses AI. Check for mistakes.
.github/workflows/benchmark.yml

steps:
- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
Copy link

Copilot AI Jan 9, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version comment "# v4" is inconsistent with the actual version being used. According to the PR description, actions/checkout is being updated from 4.3.1 to 6.0.1. The comment should be updated to "# v6" to accurately reflect the major version.

Suggested change
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Lenvanderhof Lenvanderhof Awaiting requested review from Lenvanderhof Lenvanderhof is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@Lenvanderhof Lenvanderhof

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Lenvanderhof