chore(deps): bump the github-actions group across 1 directory with 17 updates by dependabot[bot] · Pull Request #3085 · authzed/spicedb

dependabot · 2026-05-01T22:15:59Z

Bumps the github-actions group with 17 updates in the / directory:

Package	From	To
actions/cache	`5.0.3`	`5.0.5`
benchmark-action/github-action-benchmark	`1.21.0`	`1.22.0`
slackapi/slack-github-action	`2.1.1`	`3.0.3`
dorny/paths-filter	`3.0.2`	`4.0.1`
docker/login-action	`3.7.0`	`4.1.0`
codecov/codecov-action	`5.5.2`	`6.0.0`
actions/upload-artifact	`7.0.0`	`7.0.1`
chainguard-dev/actions	`1.6.5`	`1.6.17`
webiny/action-conventional-commits	`1.3.1`	`1.4.2`
juliangruber/approve-pull-request-action	`2.0.6`	`2.1.0`
dangoslen/changelog-enforcer	`ea6a56764870c323a4563f450c0a50c5f2d72cd6`	`43d9d695c578fb444f2e5bd23c0e9ec7c97b1d37`
docker/setup-qemu-action	`3.7.0`	`4.0.0`
docker/setup-buildx-action	`3.12.0`	`4.0.0`
goreleaser/goreleaser-action	`7.0.0`	`7.2.1`
nowsprinting/check-version-format-action	`4.0.7`	`5.0.1`
aquasecurity/trivy-action	`0.35.0`	`0.36.0`
shogo82148/actions-upload-release-asset	`1.9.2`	`1.10.1`

Updates actions/cache from 5.0.3 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Update ts-http-runtime dependency by @yacaovsnc in actions/cache#1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

Add release instructions and update maintainer docs by @Link- in actions/cache#1696

Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @Link- in actions/cache#1697

Fix workflow permissions and cleanup workflow names / formatting by @Link- in actions/cache#1699

docs: Update examples to use the latest version by @XZTDean in actions/cache#1690

Fix proxy integration tests by @Link- in actions/cache#1701

Fix cache key in examples.md for bun.lock by @RyPeck in actions/cache#1722

Update dependencies & patch security vulnerabilities by @Link- in actions/cache#1738

New Contributors

@XZTDean made their first contribution in actions/cache#1690

@RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

Switch to a new branch from main.

Run npm test to ensure all tests are passing.

Update the version in https://github.com/actions/cache/blob/main/package.json.

Run npm run build to update the compiled files.

Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.

Run licensed cache to update the license report.

Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.

Commit your changes and push your branch upstream.

Open a pull request against main and get it reviewed and merged.

Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json

Create a new tag with the version number.

Auto generate release notes and update them to match the changes you made in RELEASES.md.

Toggle the set as the latest release option.

Publish the release.

Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml

There should be a workflow run queued with the same version number.

Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)

Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)

Bump fast-xml-parser to v5.5.6

5.0.3

Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)

Bump @actions/core to v2.0.3

5.0.2

Bump @actions/cache to v5.0.3 #1692

5.0.1

Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

27d5ce7 Merge pull request #1747 from actions/yacaovsnc/update-dependency
f280785 licensed changes
619aeb1 npm run build generated dist files
bcf16c2 Update ts-http-runtime to 0.3.5
6682284 Merge pull request #1738 from actions/prepare-v5.0.4
e340396 Update RELEASES
8a67110 Add licenses
1865903 Update dependencies & patch security vulnerabilities
5656298 Merge pull request #1722 from RyPeck/patch-1
4e380d1 Fix cache key in examples.md for bun.lock
Additional commits viewable in compare view

Updates benchmark-action/github-action-benchmark from 1.21.0 to 1.22.0

Release notes

Sourced from benchmark-action/github-action-benchmark's releases.

v1.22.0

chore bump node to 24 (#339)

Full Changelog: benchmark-action/github-action-benchmark@v1.21.0...v1.22.0

Changelog

Sourced from benchmark-action/github-action-benchmark's changelog.

Unreleased

v1.22.0 - 31 Mar 2026

chore bump node to 24 (#339)

v1.21.0 - 02 Mar 2026

fix include package name for duplicate bench names (#330)

fix avoid duplicate package suffix in Go benchmarks (#337)

v1.20.7 - 06 Sep 2025

fix improve parsing for custom benchmarks (#323)

v1.20.5 - 02 Sep 2025

feat allow to parse generic cargo bench/criterion units (#280)

fix add summary even when failure threshold is surpassed (#285)

fix time units are not normalized (#318)

v1.20.4 - 23 Oct 2024

feat add typings and validation workflow (#257)

v1.20.3 - 19 May 2024

fix Catch2 v.3.5.0 changed output format (#247)

v1.20.2 - 19 May 2024

fix Support sub-nanosecond precision on Cargo benchmarks (#246)

v1.20.1 - 02 Apr 2024

fix release script

v1.20.0 - 02 Apr 2024

fix Rust benchmarks not comparing to baseline (#235)

feat Comment on PR and auto update comment (#223)

v1.19.3 - 02 Feb 2024

fix ratio is NaN when previous value is 0. Now, print 1 when both values are 0 and +-∞ when divisor is 0 (#222)

fix action hangs in some cases for go fiber benchmarks (#225)

v1.19.2 - 26 Jan 2024

fix markdown rendering for summary is broken (#218)

... (truncated)

Commits

a60cea5 release v1.22.0
See full diff in compare view

Updates slackapi/slack-github-action from 2.1.1 to 3.0.3

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.3

Patch Changes

66834e4: feat: add instrumentation to address error rates

Slack GitHub Action v3.0.2

Patch Changes

79529d7: fix: resolve url.parse deprecation warning for webhook techniques

Slack GitHub Action v3.0.1

What's Changed

Alongside the breaking changes of @v3.0.0 and a new technique to run Slack CLI commands, we tried the wrong name to publish to the GitHub Marketplace 🐙 This action is now noted as The Slack GitHub Action in listings 🎶 ✨

🎨 Maintenance

chore: use a unique title for marketplace in slackapi/slack-github-action#576 - Thanks @zimeg!

chore(release): tag version 3.0.1 in slackapi/slack-github-action#577 - Thanks @zimeg!

Full Changelog: slackapi/slack-github-action@v3.0.0...v3.0.1

Slack GitHub Action v3.0.0

The @v3.0.0 release had a hiccup on publish and we recommend using @v3.0.1 or a more recent version when updating! Oops!

🎽 Running Slack CLI commands and the active Node runtime, both included in this release 👟 ✨

⚠️ Breaking change: Node.js 24 the runtime

This major version updates the GitHub Actions required runtime to Node.js 24. Most GitHub-hosted runners already include this, but self-hosted runners may need to be updated ahead of planned deprecations of Node 20 on GitHub Actions runners.

📺 Enhancement: Run Slack CLI commands

This release introduces a new technique for running Slack CLI commands directly in GitHub Actions workflows. Use this to install the latest version (or a specific one) of the CLI and execute commands like deploy for merges to main, manifest validate with tests, and other commands.

Gather a token using the following CLI command to store with repo secrets, then get started with an example below:
$ slack auth token
🧪 Validate an app manifest on pull requests

Check that your app manifest is valid before merging changes:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/validate-a-manifest
- name: Validate the manifest
  uses: slackapi/slack-github-action/cli@v3.0.0
</tr></table> 

... (truncated)

Changelog

Sourced from slackapi/slack-github-action's changelog.

slack-github-action

3.0.3

Patch Changes

66834e4: feat: add instrumentation to address error rates

3.0.2

Patch Changes

79529d7: fix: resolve url.parse deprecation warning for webhook techniques

Commits

45a88b9 chore: release
1c0bcf0 chore: release (#606)
66834e4 feat: add instrumentation to address error rates (#600)
0fe0f90 build(deps): bump @actions/github from 9.0.0 to 9.1.1 (#605)
c5e7059 build(deps): bump @slack/web-api from 7.15.0 to 7.15.1 (#604)
0325526 build(deps-dev): bump @biomejs/biome from 2.4.10 to 2.4.13 (#601)
900cd3e build(deps-dev): bump @types/node from 24.12.0 to 24.12.2 (#603)
53fdcff build(deps): bump @actions/core from 3.0.0 to 3.0.1 (#602)
26856cc build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (#596)
feba1e2 ci: skip publish step if no release is needed (#599)
Additional commits viewable in compare view

Updates dorny/paths-filter from 3.0.2 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.1

What's Changed

Support merge queue by @masaru-iritani in dorny/paths-filter#255

New Contributors

@masaru-iritani made their first contribution in dorny/paths-filter#255

Full Changelog: dorny/paths-filter@v4.0.0...v4.0.1

v4.0.0

What's Changed

feat: update action runtime to node24 by @saschabratton in dorny/paths-filter#294

New Contributors

@saschabratton made their first contribution in dorny/paths-filter#294

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

Add missing predicate-quantifier by @wardpeet in dorny/paths-filter#279

New Contributors

@wardpeet made their first contribution in dorny/paths-filter#279

Full Changelog: dorny/paths-filter@v3...v3.0.3

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

Update action runtime to node24

v3.0.3

Add missing predicate-quantifier

v3.0.2

Add config parameter for predicate quantifier

v3.0.1

Compare base and ref when token is empty

v3.0.0

Update to Node.js 20

Update all dependencies

v2.11.1

Update @actions/core to v1.10.0 - Fixes warning about deprecated set-output

Document need for pull-requests: read permission

Updating to actions/checkout@v3

v2.11.0

Set list-files input parameter as not required

Update Node.js

Fix incorrect handling of Unicode characters in exec()

Use Octokit pagination

Updates real world links

v2.10.2

Fix getLocalRef() returns wrong ref

v2.10.1

Improve robustness of change detection

v2.10.0

Add ref input parameter

Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

Fix change detection when base is a tag

v2.9.2

Fix fetching git history

v2.9.1

Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

fbd0ab8 feat: add merge_group event support
efb1da7 feat: add dist/ freshness check to PR workflow
d8f7b06 Merge pull request #302 from dorny/issue-299
addbc14 Update README for v4
9d7afb8 Update CHANGELOG for v4.0.0
782470c Merge branch 'releases/v3'
d1c1ffe Update CHANGELOG for v3.0.3
ce10459 Merge pull request #294 from saschabratton/master
5f40380 feat: update action runtime to node24
668c092 Merge pull request #279 from wardpeet/patch-1
Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @thomasrockhu-codecov in codecov/codecov-action#1929

Th/6.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @thomasrockhu-codecov in codecov/codecov-action#1926

chore(release): 5.5.4 by @thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in codecov/codecov-action#1874

chore(release): bump to 5.5.3 by @thomasrockhu-codecov in codecov/codecov-action#1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

57e3a13 Th/6.0.0 (#1928)
f67d33d Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0""...
75cd116 chore(release): 5.5.4 (#1927)
87d39f4 Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" (#1926)
1af5884 chore(release): bump to 5.5.3 (#1922)
c143300 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#1874)
See full diff in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
See full diff in compare view

Updates chainguard-dev/actions from 1.6.5 to 1.6.17

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.17

What's Changed

build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.16 in /wolfi-build-pkg by @dependabot[bot] in chainguard-dev/actions#876

build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.16 in /melange-build by @dependabot[bot] in chainguard-dev/actions#875

build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.16 in /inky-build-pkg by @dependabot[bot] in chainguard-dev/actions#874

build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.16 in /goimports by @dependabot[bot] in chainguard-dev/actions#873

build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.16 in /gofmt by @dependabot[bot] in chainguard-dev/actions#872

fix(setup-knative): make resource_blaster fail loudly on HTTP errors by @jml in chainguard-dev/actions#878

otel-export: use RUNNER_NAME for the current job by @joshrwolf in chainguard-dev/actions#877

New Contributors

@jml made their first contribution in chainguard-dev/actions#878

Full Changelog: chainguard-dev/actions@v1.6.16...v1.6.17

v1.6.16

What's Changed

build(deps): bump chainguard-dev/actions from 1.6.14 to 1.6.15 in /wolfi-build-pkg by @dependabot[bot] in chainguard-dev/actions#867

build(deps): bump chainguard-dev/actions from 1.6.14 to 1.6.15 in /melange-build by @dependabot[bot] in chainguard-dev/actions#866

build(deps): bump chainguard-dev/actions from 1.6.14 to 1.6.15 in /inky-build-pkg by @dependabot[bot] in chainguard-dev/actions#865

build(deps): bump chainguard-dev/actions from 1.6.14 to 1.6.15 in /goimports by @dependabot[bot] in chainguard-dev/actions#864

build(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.1.0 by @dependabot[bot] in chainguard-dev/actions#861

build(deps): bump chainguard-dev/actions from 1.6.14 to 1.6.15 by @dependabot[bot] in chainguard-dev/actions#862

build(deps): bump chainguard-dev/actions from 1.6.14 to 1.6.15 in /gofmt by @dependabot[bot] in chainguard-dev/actions#863

build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 in /githubapp-token by @dependabot[bot] in chainguard-dev/actions#869

build(deps): bump step-security/harden-runner from 2.18.0 to 2.19.0 by @dependabot[bot] in chainguard-dev/actions#868

Full Changelog: chainguard-dev/actions@v1.6.15...v1.6.16

v1.6.15

What's Changed

build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /kind-diag by @dependabot[bot] in chainguard-dev/actions#855

build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /wolfi-build-pkg by @dependabot[bot] in chainguard-dev/actions#854

build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /nodiff by @dependabot[bot] in chainguard-dev/actions#853

build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /melange-build by @dependabot[bot] in chainguard-dev/actions#852

build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 by @dependabot[bot] in chainguard-dev/actions#847

build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /inky-build-pkg by @dependabot[bot] in chainguard-dev/actions#850

build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /goimports by @dependabot[bot] in chainguard-dev/actions#849

build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 in /k8s-diag by @dependabot[bot] in chainguard-dev/actions#851

build(deps): bump chainguard-dev/actions from 1.6.13 to 1.6.14 in /gofmt by @dependabot[bot] in chainguard-dev/actions#848

build(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 by @dependabot[bot] in chainguard-dev/actions#856

setup-registry: Set PORT env var from input through workflow by @markusthoemmes in chainguard-dev/actions#858

setup-registry: Use non-deprecated flag for disk storage by @markusthoemmes in chainguard-dev/actions#857

setup-registry: Always install an actually released version by @markusthoemmes in chainguard-dev/actions#859

build(deps): bump step-security/harden-runner from 2.17.0 to 2.18.0 by @dependabot[bot] in chainguard-dev/actions#860

Full Changelog: chainguard-dev/actions@v1.6.14...v1.6.15

... (truncated)

Commits

916fec0 otel-export: use RUNNER_NAME for the current job (#877)
3729a34 fix(setup-knative): make resource_blaster fail loudly on HTTP errors (#878)
d0ec114 build(deps): bump chainguard-dev/actions from 1.6.15 to 1.6.16 in /gofmt (#872)
c59d556 build(deps): bump chainguard-dev/actions in /goimports (#873)
6e37ea6 build(deps): bump chainguard-dev/actions in /inky-build-pkg (#874)
e7a229d build(deps): bump chainguard-dev/actions in /melange-build (#875)
b5cd45f build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (#876)
0cba302 build(deps): bump step-security/harden-runner from 2.18.0 to 2.19.0 (#868)
3e8d0d8 build(deps): bump actions/setup-node in /githubapp-token (#869)
271de1a build(deps): bump chainguard-dev/actions from 1.6.14 to 1.6.15 in /gofmt (#863)
Additional commits viewable in compare view

Updates webiny/action-conventional-commits from 1.3.1 to 1.4.2

Commits

7f91b15 fix: allow 'improvement' prefix
096eff5 fix: allow 'improvement' prefix
b6cc3cc docs: update latest version
6a05e2b feat: use node24
b34f00b Merge remote-tracking branch 'origin/master'
0fecf10 feat: refactor commit message validation to use exception list
See full diff in compare view

Updates juliangruber/approve-pull-request-action from 2.0.6 to 2.1.0

Release notes

Sourced from juliangruber/approve-pull-request-action's releases.

v2.1.0

Update node version (#83) ef2657f

ci: add workflow_dispatch c97e272

Bump braces from 3.0.2 to 3.0.3 (#74) f88e49d

Bump undici from 5.28.3 to 5.28.4 (#73) 1fe354e

juliangruber/approve-pull-request-action@v2.0.6...v2.1.0

Commits

68fcc9a 2.1.0
ef2657f Update node version (

… updates Bumps the github-actions group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/cache](https://github.com/actions/cache) | `5.0.3` | `5.0.5` | | [benchmark-action/github-action-benchmark](https://github.com/benchmark-action/github-action-benchmark) | `1.21.0` | `1.22.0` | | [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `2.1.1` | `3.0.3` | | [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.6.5` | `1.6.17` | | [webiny/action-conventional-commits](https://github.com/webiny/action-conventional-commits) | `1.3.1` | `1.4.2` | | [juliangruber/approve-pull-request-action](https://github.com/juliangruber/approve-pull-request-action) | `2.0.6` | `2.1.0` | | [dangoslen/changelog-enforcer](https://github.com/dangoslen/changelog-enforcer) | `ea6a56764870c323a4563f450c0a50c5f2d72cd6` | `43d9d695c578fb444f2e5bd23c0e9ec7c97b1d37` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `7.0.0` | `7.2.1` | | [nowsprinting/check-version-format-action](https://github.com/nowsprinting/check-version-format-action) | `4.0.7` | `5.0.1` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` | | [shogo82148/actions-upload-release-asset](https://github.com/shogo82148/actions-upload-release-asset) | `1.9.2` | `1.10.1` | Updates `actions/cache` from 5.0.3 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@cdf6c1f...27d5ce7) Updates `benchmark-action/github-action-benchmark` from 1.21.0 to 1.22.0 - [Release notes](https://github.com/benchmark-action/github-action-benchmark/releases) - [Changelog](https://github.com/benchmark-action/github-action-benchmark/blob/master/CHANGELOG.md) - [Commits](benchmark-action/github-action-benchmark@a7bc236...a60cea5) Updates `slackapi/slack-github-action` from 2.1.1 to 3.0.3 - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md) - [Commits](slackapi/slack-github-action@91efab1...45a88b9) Updates `dorny/paths-filter` from 3.0.2 to 4.0.1 - [Release notes](https://github.com/dorny/paths-filter/releases) - [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md) - [Commits](dorny/paths-filter@de90cc6...fbd0ab8) Updates `docker/login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3.7.0...v4.1.0) Updates `codecov/codecov-action` from 5.5.2 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@671740a...57e3a13) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@bbbca2d...043fb46) Updates `chainguard-dev/actions` from 1.6.5 to 1.6.17 - [Release notes](https://github.com/chainguard-dev/actions/releases) - [Commits](chainguard-dev/actions@71714a7...916fec0) Updates `webiny/action-conventional-commits` from 1.3.1 to 1.4.2 - [Release notes](https://github.com/webiny/action-conventional-commits/releases) - [Commits](webiny/action-conventional-commits@v1.3.1...v1.4.2) Updates `juliangruber/approve-pull-request-action` from 2.0.6 to 2.1.0 - [Release notes](https://github.com/juliangruber/approve-pull-request-action/releases) - [Commits](juliangruber/approve-pull-request-action@b71c44f...68fcc9a) Updates `dangoslen/changelog-enforcer` from ea6a56764870c323a4563f450c0a50c5f2d72cd6 to 43d9d695c578fb444f2e5bd23c0e9ec7c97b1d37 - [Release notes](https://github.com/dangoslen/changelog-enforcer/releases) - [Changelog](https://github.com/dangoslen/changelog-enforcer/blob/main/CHANGELOG.md) - [Commits](dangoslen/changelog-enforcer@ea6a567...43d9d69) Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...ce36039) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...4d04d5d) Updates `goreleaser/goreleaser-action` from 7.0.0 to 7.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@ec59f47...1a80836) Updates `nowsprinting/check-version-format-action` from 4.0.7 to 5.0.1 - [Release notes](https://github.com/nowsprinting/check-version-format-action/releases) - [Commits](nowsprinting/check-version-format-action@bb1181a...976544c) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@v0.35.0...v0.36.0) Updates `shogo82148/actions-upload-release-asset` from 1.9.2 to 1.10.1 - [Release notes](https://github.com/shogo82148/actions-upload-release-asset/releases) - [Commits](shogo82148/actions-upload-release-asset@8f6863c...ee2ae85) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: benchmark-action/github-action-benchmark dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: slackapi/slack-github-action dependency-version: 3.0.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dorny/paths-filter dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: chainguard-dev/actions dependency-version: 1.6.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: webiny/action-conventional-commits dependency-version: 1.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: juliangruber/approve-pull-request-action dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: dangoslen/changelog-enforcer dependency-version: 43d9d695c578fb444f2e5bd23c0e9ec7c97b1d37 dependency-type: direct:production dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: nowsprinting/check-version-format-action dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: shogo82148/actions-upload-release-asset dependency-version: 1.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-05-08T02:16:44Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 1, 2026

dependabot Bot requested a review from a team as a code owner May 1, 2026 22:16

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 1, 2026

github-actions Bot added the area/tooling Affects the dev or user toolchain (e.g. tests, ci, build tools) label May 1, 2026

dependabot Bot closed this May 8, 2026

dependabot Bot deleted the dependabot/github_actions/github-actions-582521e4c6 branch May 8, 2026 02:16

github-actions Bot locked and limited conversation to collaborators May 8, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group across 1 directory with 17 updates#3085

chore(deps): bump the github-actions group across 1 directory with 17 updates#3085
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-582521e4c6

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 8, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 1, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.5

What's Changed

v5.0.4

What's Changed

New Contributors

Releases

How to prepare a release

Changelog

5.0.4

5.0.3

5.0.2

5.0.1

5.0.0

v1.22.0

Unreleased

v1.22.0 - 31 Mar 2026

v1.21.0 - 02 Mar 2026

v1.20.7 - 06 Sep 2025

v1.20.5 - 02 Sep 2025

v1.20.4 - 23 Oct 2024

v1.20.3 - 19 May 2024

v1.20.2 - 19 May 2024

v1.20.1 - 02 Apr 2024

v1.20.0 - 02 Apr 2024

v1.19.3 - 02 Feb 2024

v1.19.2 - 26 Jan 2024

Slack GitHub Action v3.0.3

Patch Changes

Slack GitHub Action v3.0.2

Patch Changes

Slack GitHub Action v3.0.1

What's Changed

🎨 Maintenance

Slack GitHub Action v3.0.0

⚠️ Breaking change: Node.js 24 the runtime

📺 Enhancement: Run Slack CLI commands

🧪 Validate an app manifest on pull requests

slack-github-action

3.0.3

Patch Changes

3.0.2

Patch Changes

v4.0.1

What's Changed

New Contributors

v4.0.0

What's Changed

New Contributors

v3.0.3

What's Changed

New Contributors

Changelog

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.1

v2.11.0

v2.10.2

v2.10.1

v2.10.0

v2.9.3

v2.9.2

v2.9.1

v2.9.0

v4.1.0

v4.0.0

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

v5.5.4

What's Changed

v5.5.3

What's Changed

v5.5.2

What's Changed

dependabot Bot commented on behalf of github May 1, 2026 •

edited

Loading