Bump the actions-production-dependencies group across 1 directory with 13 updates by dependabot[bot] · Pull Request #111 · kkdevopsb5/opentelemetry-demo-k8s

dependabot · 2026-03-05T12:56:08Z

Bumps the actions-production-dependencies group with 13 updates in the / directory:

Package	From	To
actions/checkout	`4`	`6`
actions/setup-python	`5`	`6`
docker/login-action	`3`	`4`
docker/setup-qemu-action	`3`	`4`
docker/setup-buildx-action	`3`	`4`
docker/build-push-action	`6.18.0`	`6.19.2`
fossas/fossa-action	`1.7.0`	`1.8.0`
gradle/actions	`4.4.2`	`5.0.2`
actions/github-script	`7`	`8`
ossf/scorecard-action	`2.4.2`	`2.4.3`
actions/upload-artifact	`4.6.2`	`7.0.0`
github/codeql-action	`3.29.7`	`4.32.5`
actions/stale	`9`	`10`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates docker/login-action from 3 to 4

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Add scope input to set scopes for the authentication token by @crazy-max in docker/login-action#912

Add support for AWS European Sovereign Cloud ECR by @dphi in docker/login-action#914

Ensure passwords are redacted with registry-auth input by @crazy-max in docker/login-action#911

build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Bump @actions/core from 1.10.1 to 1.11.1 in docker/login-action#791

Bump @aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856

Bump @aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856

Bump @docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814

Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

... (truncated)

Commits

b45d80f Merge pull request #929 from crazy-max/node24
176cb9c node 24 as default runtime
cad8984 Merge pull request #920 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
92cbcb2 chore: update generated content
5a2d6a7 build(deps): bump the aws-sdk-dependencies group with 2 updates
44512b6 Merge pull request #928 from docker/dependabot/npm_and_yarn/docker/actions-to...
28737a5 chore: update generated content
dac0793 build(deps): bump @docker/actions-toolkit from 0.76.0 to 0.77.0
62029f3 Merge pull request #919 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
08c8f06 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3 to 4

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

v3.7.0

Bump @docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218

Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221

Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

v3.6.0

Display binfmt version by @crazy-max in docker/setup-qemu-action#202

Full Changelog: docker/setup-qemu-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-qemu-action#205

Full Changelog: docker/setup-qemu-action@v3.4.0...v3.5.0

v3.4.0

Bump @docker/actions-toolkit from 0.49.0 to 0.54.0 in docker/setup-qemu-action#193 docker/setup-qemu-action#197

Full Changelog: docker/setup-qemu-action@v3.3.0...v3.4.0

v3.3.0

Add cache-image input to enable/disable caching of binfmt image by @crazy-max in docker/setup-qemu-action#130

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172

Bump @docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

v3.2.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-qemu-action#154 docker/setup-qemu-action#155

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

v3.1.0

... (truncated)

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Deprecate install input by @crazy-max in docker/setup-buildx-action#455

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432

Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/build-push-action from 6.18.0 to 6.19.2

Release notes

Sourced from docker/build-push-action's releases.

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits

10e90e3 Merge pull request #1458 from crazy-max/git-auth-port
5262538 chore: update generated content
cd130e4 preserve port in GIT_AUTH_TOKEN host
806c751 Merge pull request #1452 from crazy-max/update-yarn
601a80b Merge pull request #1456 from crazy-max/auth-token-dyn-host
8f7fd7c chore: update generated content
710e335 derive GIT_AUTH_TOKEN host from GitHub server URL
c4ca848 update yarn to 4.9.2
ee4ca42 Merge pull request #1398 from docker/dependabot/npm_and_yarn/tmp-0.2.4
f1b3bb5 chore: update generated content
Additional commits viewable in compare view

Updates fossas/fossa-action from 1.7.0 to 1.8.0

Commits

c414b9a Pin version opt (#266)
ba7c3df Bump @actions/core from 2.0.1 to 2.0.2 (#263)
c95b9b8 Bump @actions/tool-cache from 2.0.2 to 3.0.0 (#262)
76d09c3 Bump globals from 16.5.0 to 17.0.0 (#260)
9f3e862 Bump @typescript-eslint/parser from 8.48.0 to 8.52.0 (#257)
c01ee11 Bump @types/node from 24.10.1 to 25.0.3 (#258)
2317073 Bump @actions/core from 1.11.1 to 2.0.1 (#256)
47e4002 Bump @actions/exec from 1.1.1 to 2.0.0 (#252)
7f84733 Bump @eslint/eslintrc from 3.3.1 to 3.3.3 (#248)
c09a922 Bump @typescript-eslint/parser from 8.46.2 to 8.48.0 (#246)
Additional commits viewable in compare view

Updates gradle/actions from 4.4.2 to 5.0.2

Release notes

Sourced from gradle/actions's releases.

v5.0.2

Summary

This release contains no functional changes. It updates dependencies and known Gradle wrapper checksums.

What's Changed

Update dependencies by @bigdaz in gradle/actions#851

Bump the github-actions group across 2 directories with 3 updates by @dependabot[bot] in gradle/actions#850

Update DV config by @bigdaz in gradle/actions#848

Convert project to ESM and update dependencies by @bigdaz in gradle/actions#854

Workflow fixes by @bigdaz in gradle/actions#856

Remove superfluous text from log message by @bigdaz in gradle/actions#861

Bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in gradle/actions#860

Bump the npm-dependencies group across 1 directory with 3 updates by @dependabot[bot] in gradle/actions#859

Update known wrapper checksums by @github-actions[bot] in gradle/actions#857

Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.21.0 to 2.21.1 in /sources/test/init-scripts in the gradle group across 1 directory by @dependabot[bot] in gradle/actions#862

Bump the npm-dependencies group in /sources with 2 updates by @dependabot[bot] in gradle/actions#863

Bump github/codeql-action from 4.32.3 to 4.32.4 in the github-actions group across 1 directory by @dependabot[bot] in gradle/actions#864

Full Changelog: gradle/actions@v5.0.1...v5.0.2

v5.0.1

What's Changed

Bump npm code dependency versions

Bump Gradle versions used in sample builds

Bump dependencies versions in Gradle sample builds

Bump GitHub actions used for build and test

Update known wrapper checksums to include Gradle 9.2+

Full Changelog: gradle/actions@v5.0.0...v5.0.1

v5.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @amyu in gradle/actions#721

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency upgrades

Bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in gradle/actions#748

Full Changelog: gradle/actions@v4...v5.0.0

v4.4.4

What's Changed

Bump the github-actions group across 2 directories with 3 updates by @dependabot[bot] in gradle/actions#726

... (truncated)

Commits

0723195 Bump github/codeql-action in the github-actions group across 1 directory (#864)
63603d9 Bump the npm-dependencies group in /sources with 2 updates (#863)
a5a91d4 Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile (#862)
30aed73 [bot] Update dist directory
e66cf85 Update known wrapper checksums (#857)
0a06264 Bump the npm-dependencies group across 1 directory with 3 updates (#859)
a51c1c2 Bump the github-actions group across 1 directory with 2 updates (#860)
f7783ee [bot] Update dist directory
fa36160 Remove superfluous text from log message (#861)
78f7dee Workflow fixes (#856)
Additional commits viewable in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

Update Node.js version support to 24.x by @salmanmkc in actions/github-script#637

README for updating actions/github-script from v7 to v8 by @sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

@salmanmkc made their first contribution in actions/github-script#637

@sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

Upgrade husky to v9 by @benelan in actions/github-script#482

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/github-script#485

Upgrade IA Publish by @Jcambass in actions/github-script#486

Fix workflow status badges by @joshmgross in actions/github-script#497

Update usage of actions/upload-artifact by @joshmgross in actions/github-script#512

Clear up package name confusion by @joshmgross in actions/github-script#514

Update dependencies with npm audit fix by @joshmgross in actions/github-script#515

Specify that the used script is JavaScript by @timotk in actions/github-script#478

chore: Add Dependabot for NPM and Actions by

…h 13 updates Bumps the actions-production-dependencies group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.18.0` | `6.19.2` | | [fossas/fossa-action](https://github.com/fossas/fossa-action) | `1.7.0` | `1.8.0` | | [gradle/actions](https://github.com/gradle/actions) | `4.4.2` | `5.0.2` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `8` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.7` | `4.32.5` | | [actions/stale](https://github.com/actions/stale) | `9` | `10` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `docker/build-push-action` from 6.18.0 to 6.19.2 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.18.0...v6.19.2) Updates `fossas/fossa-action` from 1.7.0 to 1.8.0 - [Release notes](https://github.com/fossas/fossa-action/releases) - [Commits](fossas/fossa-action@3ebcea1...c414b9a) Updates `gradle/actions` from 4.4.2 to 5.0.2 - [Release notes](https://github.com/gradle/actions/releases) - [Commits](gradle/actions@v4.4.2...v5.0.2) Updates `actions/github-script` from 7 to 8 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7...v8) Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@05b42c6...4eaacf0) Updates `actions/upload-artifact` from 4.6.2 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...bbbca2d) Updates `github/codeql-action` from 3.29.7 to 4.32.5 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@51f7732...c793b71) Updates `actions/stale` from 9 to 10 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v9...v10) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: docker/build-push-action dependency-version: 6.19.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-production-dependencies - dependency-name: fossas/fossa-action dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-production-dependencies - dependency-name: gradle/actions dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: ossf/scorecard-action dependency-version: 2.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-production-dependencies - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: github/codeql-action dependency-version: 4.32.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies - dependency-name: actions/stale dependency-version: '10' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 5, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions-production-dependencies group across 1 directory with 13 updates#111

Bump the actions-production-dependencies group across 1 directory with 13 updates#111
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/actions-production-dependencies-0de441931c

dependabot bot commented on behalf of github Mar 5, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 5, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v4.0.0

v3.12.0

v3.11.1

v3.11.0

v3.10.0

v3.9.0

v3.8.0

v6.19.2

v6.19.1

v6.19.0

v5.0.2

Summary

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

Breaking Changes

Dependency upgrades

v4.4.4

What's Changed

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

New Contributors

v7.1.0

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot bot commented on behalf of github Mar 5, 2026 •

edited

Loading