Bump the github-actions group across 1 directory with 13 updates #37

dependabot · 2025-08-24T00:18:56Z

Bumps the github-actions group with 13 updates in the / directory:

Package	From	To
actions/upload-artifact	`4.3.0`	`4.6.2`
actions/download-artifact	`4.1.1`	`5.0.0`
actions/setup-python	`5.1.1`	`5.6.0`
hendrikmuhs/ccache-action	`1.2.17`	`1.2.18`
step-security/changed-files	`45.0.1`	`46.0.5`
EnricoMi/publish-unit-test-result-action	`2.18.0`	`2.20.0`
actions/github-script	`6.4.1`	`7.0.1`
docker/login-action	`3.3.0`	`3.5.0`
aminya/setup-cpp	`1.1.1`	`1.7.1`
actions/setup-node	`4.2.0`	`4.4.0`
actions/labeler	`4.3.0`	`5.0.0`
actions/attest-build-provenance	`1.0.0`	`2.4.0`
ossf/scorecard-action	`2.4.1`	`2.4.2`

Updates actions/upload-artifact from 4.3.0 to 4.6.2

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.2

What's Changed

Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @salmanmkc in actions/upload-artifact#685

New Contributors

@salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

Expose env vars to control concurrency and timeout by @yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

... (truncated)

Commits

ea165f8 Merge pull request #685 from salmanmkc/salmanmkc/3-new-upload-artifacts-release
0839620 Prepare for new release of actions/upload-artifact with new toolkit cache ver...
4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
e9fad96 license cache update for artifact
b26fd06 Update to use artifact 2.2.2 package
65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
0207619 move files back to satisfy licensed ci
1ecca81 licensed cache updates
9742269 Expose env vars to controll concurrency and timeout
6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
Additional commits viewable in compare view

Updates actions/download-artifact from 4.1.1 to 5.0.0

Release notes

Sourced from actions/download-artifact's releases.

v5.0.0

What's Changed

Update README.md by @nebuk89 in actions/download-artifact#407

BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @GrantBirki in actions/download-artifact#416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

By name: name: my-artifact → extracted to path/ (direct)

By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

By name: name: my-artifact → extracted to path/ (unchanged)

By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

You download artifacts by name

You download multiple artifacts by ID

You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):
- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist
# Files were in: dist/my-artifact/
Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):
</tr></table> 

... (truncated)

Commits

634f93c Merge pull request #416 from actions/single-artifact-id-download-path
b19ff43 refactor: resolve download path correctly in artifact download tests (mainly ...
e262cbe bundle dist
bff23f9 update docs
fff8c14 fix download path logic when downloading a single artifact by id
448e3f8 Merge pull request #407 from actions/nebuk89-patch-1
47225c4 Update README.md
d3f86a1 Merge pull request #404 from actions/robherley/v4.3.0
fc02353 prep for v4.3.0 release
7745437 Merge pull request #402 from actions/joshmgross/download-by-id-example
Additional commits viewable in compare view

Updates actions/setup-python from 5.1.1 to 5.6.0

Release notes

Sourced from actions/setup-python's releases.

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

Dependency updates:

Upgrade @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/setup-python#1016

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-python#1015

New Contributors

@colesbury made their first contribution in actions/setup-python#973

@mahabaleshwars made their first contribution in actions/setup-python#1043

Full Changelog: actions/setup-python@v5...v5.5.0

v5.4.0

What's Changed

Enhancements:

Update cache error message by @aparnajyothi-y in actions/setup-python#968

Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 by @priya-kinthali in actions/setup-python#985

Configure Dependabot settings by @HarithaVattikuti in actions/setup-python#1008

Documentation changes:

Readme update - recommended permissions by @benwells in actions/setup-python#1009

Improve Advanced Usage examples by @lrq3000 in actions/setup-python#645

Dependency updates:

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in actions/setup-python#1012

Upgrade urllib3 from 1.25.9 to 1.26.19 in /tests/data by @dependabot in actions/setup-python#895

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-python#1014

Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @dependabot in actions/setup-python#1020

Upgrade requests from 2.24.0 to 2.32.2 in /tests/data by @dependabot in actions/setup-python#1019

Upgrade @actions/cache to ^4.0.0 by @priyagupta108 in actions/setup-python#1007

New Contributors

@benwells made their first contribution in actions/setup-python#1009

@HarithaVattikuti made their first contribution in actions/setup-python#1008

... (truncated)

Commits

a26af69 Bump ts-jest from 29.1.2 to 29.3.2 (#1081)
30eafe9 Bump prettier from 2.8.8 to 3.5.3 (#1046)
5d95bc1 Bump semver and @types/semver (#1091)
6ed2c67 Fix for Candidate Not Iterable Error (#1082)
e348410 Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15 (#1065)
8d9ed9a Add e2e Testing for free threaded and Bump @action/cache from 4.0.0 to 4.0.3 ...
19e4675 Add support for .tool-versions file in setup-python (#1043)
6fd11e1 Bump @actions/glob from 0.4.0 to 0.5.0 (#1015)
9e62be8 Support free threaded Python versions like '3.13t' (#973)
6ca8e85 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#1016)
Additional commits viewable in compare view

Updates hendrikmuhs/ccache-action from 1.2.17 to 1.2.18

Release notes

Sourced from hendrikmuhs/ccache-action's releases.

v1.2.18

What's Changed

Bump ts-jest from 29.2.5 to 29.2.6 by @dependabot in hendrikmuhs/ccache-action#291

Bump typescript from 5.7.3 to 5.8.2 by @dependabot in hendrikmuhs/ccache-action#294

Bump @types/node from 22.13.0 to 22.13.9 by @dependabot in hendrikmuhs/ccache-action#296

set cache to readonly if skipping save by @planetmarshall in hendrikmuhs/ccache-action#301

Update sccache version to v0.10.0 by @mhegazy in hendrikmuhs/ccache-action#315

Bump @types/node from 22.13.9 to 22.15.2 by @dependabot in hendrikmuhs/ccache-action#316

Bump ts-jest from 29.2.6 to 29.3.2 by @dependabot in hendrikmuhs/ccache-action#312

Bump typescript from 5.8.2 to 5.8.3 by @dependabot in hendrikmuhs/ccache-action#311

Bump @actions/cache from 4.0.0 to 4.0.3 by @dependabot in hendrikmuhs/ccache-action#299

Don't append - when append-timestamp is disabled. by @Naros in hendrikmuhs/ccache-action#306

New Contributors

@mhegazy made their first contribution in hendrikmuhs/ccache-action#315

@Naros made their first contribution in hendrikmuhs/ccache-action#306

Full Changelog: hendrikmuhs/ccache-action@v1...v1.2.18

Commits

63069e3 update code
15457da Don't append - when append-timestamp is disabled. (#306)
25d49ca update code
5107eae Bump @actions/cache from 4.0.0 to 4.0.3 (#299)
0be57ad Bump typescript from 5.8.2 to 5.8.3 (#311)
82ea688 Bump ts-jest from 29.2.6 to 29.3.2 (#312)
1442e5b Bump ts-jest from 29.2.6 to 29.3.2 (#312)
e3bfc65 Bump @types/node from 22.13.9 to 22.15.2 (#316)
fc91011 Update sccache version to v0.10.0 (#315)
15fe4dd set cache to readonly if skipping save (#301)
Additional commits viewable in compare view

Updates step-security/changed-files from 45.0.1 to 46.0.5

Release notes

Sourced from step-security/changed-files's releases.

v46.0.5

What's Changed

[StepSecurity] ci: Harden GitHub Actions by @step-security-bot in step-security/changed-files#15

[StepSecurity] Apply security best practices by @step-security-bot in step-security/changed-files#47

cherry pick and guard dog workflow added by @Raj-StepSecurity in step-security/changed-files#48

chore: Cherry-picked changes from upstream by @github-actions in step-security/changed-files#52

chore: Cherry-picked changes from upstream by @github-actions in step-security/changed-files#53

fix: Security updates by @github-actions in step-security/changed-files#54

ci: remove unnecessary workflows/ steps by @Raj-StepSecurity in step-security/changed-files#57

New Contributors

@step-security-bot made their first contribution in step-security/changed-files#15

Full Changelog: step-security/changed-files@v45...v46.0.5

Commits

95b56da ci: remove unnecessary workflows/ steps (#57)
60058f6 unused workflows/steps deleted
eb71416 revert workflow changes
e152d5b fix: Security updates (#54)
a373b15 chore: Cherry-picked changes from upstream (#53)
f2de462 chore: Cherry-picked changes from upstream (#52)
31ad786 cherry pick and guard dog workflow added (#48)
98d7c47 [StepSecurity] Apply security best practices (#47)
52f7569 Merge pull request #15 from step-security-bot/stepsecurity_remediation_174250...
cdb3cda [StepSecurity] ci: Harden GitHub Actions
See full diff in compare view

Updates EnricoMi/publish-unit-test-result-action from 2.18.0 to 2.20.0

Release notes

Sourced from EnricoMi/publish-unit-test-result-action's releases.

v2.20.0

Adds the following improvements:

Add action typing #653

Isolate PIP cache used by composite actions #668

Fix for empty <system-out> and <system-err> #667

Deprecate github_token_actor option, auto-detect actor #661

Use and recommend !cancelled() instead of always() #659

Add deprecationMessage to action.yml for deprecated inputs (#654)

Resolve regex library warnings #660

Full Changelog: EnricoMi/publish-unit-test-result-action@v2.19.0...v2.20.0

v2.19.0

Adds the following improvements:

Add option to verify SSL/TLS connection (#638)

Mention composite replacement in README.md (#647)

Quote $PYTHON_BIN in deprecated composite action (#646)

Commits

3a74b29 Releasing v2.20.0
b0880cd Use and recommend !cancelled() instead of always() (#659)
8113100 Deprecate github_token_actor option, auto-detect actor (#661)
e5a9d1c Add action typing (#653)
139ec34 Isolate PIP cache used by composite actions (#668)
cd0e24b Fix for empty \<system-out> and \<system-err> (#667)
c541e2e Resolve regex library warnings (#660)
bded1cd Add deprecationMessage to action.yml for deprecated inputs (#654)
a4f4abe Remove Ubuntu 20.04 from CI (#651)
afb2984 Releasing v2.19.0
Additional commits viewable in compare view

Updates actions/github-script from 6.4.1 to 7.0.1

Release notes

Sourced from actions/github-script's releases.

v7.0.1

What's Changed

Avoid setting baseUrl to undefined when input is not provided by @joshmgross in actions/github-script#439

Full Changelog: actions/github-script@v7.0.0...v7.0.1

v7.0.0

What's Changed

Add base-url option by @robandpdx in actions/github-script#429

Expose async-function argument type by @viktorlott in actions/github-script#402, see for details https://github.com/actions/github-script#use-scripts-with-jsdoc-support

Update dependencies and use Node 20 by @joshmgross in actions/github-script#425

New Contributors

@navarroaxel made their first contribution in actions/github-script#285

@robandpdx made their first contribution in actions/github-script#429

@viktorlott made their first contribution in actions/github-script#402

Full Changelog: actions/github-script@v6.4.1...v7.0.0

Commits

60a0d83 Merge pull request #440 from actions/joshmgross/v7.0.1
b7fb200 Update version to 7.0.1
12e22ed Merge pull request #439 from actions/joshmgross/avoid-setting-base-url
d319f8f Avoid setting baseUrl to undefined when input is not provided
e69ef54 Merge pull request #425 from actions/joshmgross/node-20
ee0914b Update licenses
d6fc56f Use @types/node for Node 20
384d6cf Fix quotations in tests
8472492 Only validate GraphQL previews
84903f5 Remove node-fetch from type
Additional commits viewable in compare view

Updates docker/login-action from 3.3.0 to 3.5.0

Release notes

Sourced from docker/login-action's releases.

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Bump @actions/core from 1.10.1 to 1.11.1 in docker/login-action#791

Bump @aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856

Bump @aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856

Bump @docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814

Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

Commits

184bdaa Merge pull request #878 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
5c6bc94 chore: update generated content
caf4058 build(deps): bump the aws-sdk-dependencies group with 2 updates
ef38ec3 Merge pull request #860 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
d52e8ef chore: update generated content
9644ab7 build(deps): bump the aws-sdk-dependencies group with 2 updates
7abd1d5 Merge pull request #875 from docker/dependabot/npm_and_yarn/form-data-2.5.5
1a81202 Merge pull request #876 from crazy-max/aws-public-dual-stack
d1ab30d chore: update generated content
f25ff28 support dual-stack for aws public ecr
Additional commits viewable in compare view

Updates aminya/setup-cpp from 1.1.1 to 1.7.1

Release notes

Sourced from aminya/setup-cpp's releases.

v1.7.1

What's Changed

fix: prefer complete Window LLVM package @aminya in aminya/setup-cpp#425

fix: add LLVM 20.1.7 by @aminya in aminya/setup-cpp#424

fix: add mingw 15.1-r2 by @aminya in aminya/setup-cpp#424

fix: install gcovr via apt on Ubuntu by default by @aminya in aminya/setup-cpp#424

feat: add tar tool by @aminya in aminya/setup-cpp#425

Full Changelog: aminya/setup-cpp@v1.7.0...v1.7.1

v1.7.0

What's Changed

feat: update default LLVM to v20 by @aminya in aminya/setup-cpp#387

feat: default to GCC 15 on Windows and MacOS by @aminya in aminya/setup-cpp#387

fix: update cmake, task, powershell, meson, doxygen by @aminya in aminya/setup-cpp#414

Full Changelog: aminya/setup-cpp@v1.6.2...v1.7.0

v1.6.2

Full Changelog: aminya/setup-cpp@v1.6.1...v1.6.2

v1.6.0

What's Changed

feat: add apt-fast as an installable tool by @aminya in aminya/setup-cpp#401

fix: add apt-fast optimizations by @aminya in aminya/setup-cpp#402

Full Changelog: aminya/setup-cpp@v1.5.4...v1.6.0

v1.5.4

What's Changed

fix: avoid rc sourcing loops + fix: always add guards for sourcing rc files by @aminya in aminya/setup-cpp#397

fix: add missing git option for actions by @aminya

fix: ignore setup-cpp cli installation errors by @aminya

fix: fix addition of git to PATH on Windows by @aminya

fix: fix add-apt-repository in Debian by @aminya

fix: fix llvm add-apt-repository for debian by @aminya

Full Changelog: aminya/setup-cpp@v1.5.3...v1.5.4

v1.5.3

fix: remove exports map from package by @aminya in 7f46810eeda56

Full Changelog: aminya/setup-cpp@v1.5.2...v1.5.3

v1.5.2

fix: fix CLI shabang not working - independent lib by @aminya in c88b4364ef50

... (truncated)

Commits

a276e6e chore(release): v1.7.1 [skip test]
1c89539 fix: handle no update failures for llvm
b32feb0 chore(deps): update devdependencies (#426)
d857140 Merge pull request #425 from aminya/windows-llvm
aa0fcb9 fix: use 7z for tar extraction on windows
988cdb3 fix: extra tar by 7z on windows
d09e6b8 Merge pull request #418 from aminya/renovate/dependencies
c43a237 fix(deps): update dependency @types/node to v22.16.0
6004eca Merge pull request #423 from aminya/renovate/node-22.x
d42bb0b chore(deps): update node.js to v22.17.0
Additional commits viewable in compare view

Updates actions/setup-node from 4.2.0 to 4.4.0

Release notes

Sourced from actions/setup-node's releases.

v4.4.0

What's Changed

Bug fixes:

Make eslint-compact matcher compatible with Stylelint by @FloEdelmann in actions/setup-node#98

Add support for indented eslint output by @fregante in actions/setup-node#1245

Enhancement:

Support private mirrors by @marco-ippolito in actions/setup-node#1240

Dependency update:

Upgrade @action/cache from 4.0.2 to 4.0.3 by @aparnajyothi-y in actions/setup-node#1262

New Contributors

@FloEdelmann made their first contribution in actions/setup-node#98

@fregante made their first contribution in actions/setup-node#1245

@marco-ippolito made their first contribution in actions/setup-node#1240

Full Changelog: actions/setup-node@v4...v4.4.0

v4.3.0

What's Changed

Dependency updates

Upgrade @actions/glob from 0.4.0 to 0.5.0 by @dependabot in actions/setup-node#1200

Upgrade @action/cache from 4.0.0 to 4.0.2 by @gowridurgad in actions/setup-node#1251

Upgrade @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/setup-node#1203

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot in actions/setup-node#1220

New Contributors

@gowridurgad made their first contribution in actions/setup-node#1251

Full Changelog: actions/setup-node@v4...v4.3.0

Commits

49933ea Bump @action/cache from 4.0.2 to 4.0.3 (#1262)
e3ce749 feat: support private mirrors (#1240)
40337cb Add support for indented eslint output (#1245)
1ccdddc Make eslint-compact matcher compatible with Stylelint (#98)
cdca736 Bump @actions/tool-cache from 2.0.1 to 2.0.2 (#1220)
22c0e74 Bump @vercel/ncc from 0.38.1 to 0.38.3 (#1203)
a7c2d94 actions/cache upgrade (#1251)
8026329 Bump @actions/glob from 0.4.0 to 0.5.0 (#1200)
See full diff in compare view

Updates actions/labeler from 4.3.0 to 5.0.0

Release notes

Sourced from actions/labeler's releases.

v5.0.0

What's Changed

This release contains the following breaking changes:

The ability to apply labels based on the names of base and/or head branches was added (#186 and #54). The match object for changed files was expanded with new combinations in order to make it more intuitive and flexible (#423 and #101). As a result, the configuration file structure was significantly redesigned and is not compatible with the structure of the previous version. Please read the action documentation to find out how to adapt your configuration files for use with the new action version.

The bug related to the sync-labels input was fixed (#112). Now the input value is read correctly.

By default, dot input is set to true. Now, paths starting with a dot (e.g. .github) are matched by default.

Version 5 of this action updated the

Bumps the github-actions group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.0` | `4.6.2` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.1.1` | `5.0.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.1.1` | `5.6.0` | | [hendrikmuhs/ccache-action](https://github.com/hendrikmuhs/ccache-action) | `1.2.17` | `1.2.18` | | [step-security/changed-files](https://github.com/step-security/changed-files) | `45.0.1` | `46.0.5` | | [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) | `2.18.0` | `2.20.0` | | [actions/github-script](https://github.com/actions/github-script) | `6.4.1` | `7.0.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.3.0` | `3.5.0` | | [aminya/setup-cpp](https://github.com/aminya/setup-cpp) | `1.1.1` | `1.7.1` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.2.0` | `4.4.0` | | [actions/labeler](https://github.com/actions/labeler) | `4.3.0` | `5.0.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1.0.0` | `2.4.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.2` | Updates `actions/upload-artifact` from 4.3.0 to 4.6.2 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.3.0...ea165f8) Updates `actions/download-artifact` from 4.1.1 to 5.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4.1.1...634f93c) Updates `actions/setup-python` from 5.1.1 to 5.6.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5.1.1...a26af69) Updates `hendrikmuhs/ccache-action` from 1.2.17 to 1.2.18 - [Release notes](https://github.com/hendrikmuhs/ccache-action/releases) - [Commits](hendrikmuhs/ccache-action@a1209f8...63069e3) Updates `step-security/changed-files` from 45.0.1 to 46.0.5 - [Release notes](https://github.com/step-security/changed-files/releases) - [Commits](step-security/changed-files@3dbe17c...95b56da) Updates `EnricoMi/publish-unit-test-result-action` from 2.18.0 to 2.20.0 - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](EnricoMi/publish-unit-test-result-action@170bf24...3a74b29) Updates `actions/github-script` from 6.4.1 to 7.0.1 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v6.4.1...60a0d83) Updates `docker/login-action` from 3.3.0 to 3.5.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@9780b0c...184bdaa) Updates `aminya/setup-cpp` from 1.1.1 to 1.7.1 - [Release notes](https://github.com/aminya/setup-cpp/releases) - [Commits](aminya/setup-cpp@17c1155...a276e6e) Updates `actions/setup-node` from 4.2.0 to 4.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@1d0ff46...49933ea) Updates `actions/labeler` from 4.3.0 to 5.0.0 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@ac9175f...8558fd7) Updates `actions/attest-build-provenance` from 1.0.0 to 2.4.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@897ed5e...e8998f9) Updates `ossf/scorecard-action` from 2.4.1 to 2.4.2 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@f49aabe...05b42c6) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 4.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 5.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: hendrikmuhs/ccache-action dependency-version: 1.2.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/changed-files dependency-version: 46.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: EnricoMi/publish-unit-test-result-action dependency-version: 2.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aminya/setup-cpp dependency-version: 1.7.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-node dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/labeler dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: 2.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Aug 24, 2025

dependabot bot force-pushed the dependabot/github_actions/github-actions-708630d680 branch from 1567150 to 7982f1f Compare August 31, 2025 00:21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the github-actions group across 1 directory with 13 updates #37

Bump the github-actions group across 1 directory with 13 updates #37

Uh oh!

dependabot bot commented on behalf of github Aug 24, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Bump the github-actions group across 1 directory with 13 updates #37

Are you sure you want to change the base?

Bump the github-actions group across 1 directory with 13 updates #37

Uh oh!

Conversation

dependabot bot commented on behalf of github Aug 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v4.6.2

What's Changed

New Contributors

v4.6.1

What's Changed

v4.6.0

What's Changed

v4.5.0

What's Changed

New Contributors

v4.4.3

What's Changed

v4.4.2

What's Changed

v4.4.1

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

What Changed

Migration Guide

✅ No Action Needed If:

⚠️ Action Required If:

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.4.0

What's Changed

Enhancements:

Documentation changes:

Dependency updates:

New Contributors

v1.2.18

What's Changed

New Contributors

v46.0.5

What's Changed

New Contributors

v2.20.0

v2.19.0

v7.0.1

What's Changed

v7.0.0

What's Changed

New Contributors

v3.5.0

v3.4.0

v1.7.1

What's Changed

v1.7.0

What's Changed

v1.6.2

v1.6.0

What's Changed

v1.5.4

What's Changed

v1.5.3

v1.5.2

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

v4.3.0

What's Changed

Dependency updates

New Contributors

dependabot bot commented on behalf of github Aug 24, 2025 •

edited

Loading