chore(deps): bump the github-actions group across 1 directory with 9 updates by dependabot[bot] · Pull Request #43 · meigma/blob-cli

dependabot · 2026-04-20T10:20:26Z

Bumps the github-actions group with 9 updates in the / directory:

Package	From	To
actions/checkout	`4.2.2`	`6.0.2`
actions/setup-go	`5.5.0`	`6.4.0`
actions/upload-artifact	`6.0.0`	`7.0.1`
anchore/sbom-action	`0.21.1`	`0.24.0`
goreleaser/goreleaser-action	`6.4.0`	`7.1.0`
docker/login-action	`3.4.0`	`4.1.0`
actions/attest-build-provenance	`1.4.4`	`4.1.0`
googleapis/release-please-action	`4.4.0`	`4.4.1`
sigstore/cosign-installer	`4.0.0`	`4.1.1`

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates actions/setup-go from 5.5.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Add go-download-base-url input for custom Go distributions by @gdams in actions/setup-go#721

Dependency update

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-go#727

Documentation update

Rearrange README.md, add advanced-usage.md by @priyagupta108 in actions/setup-go#724

Fix Microsoft build of Go link by @gdams in actions/setup-go#734

New Contributors

@gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Update default Go module caching to use go.mod by @priyagupta108 in actions/setup-go#705

Fix golang download url to go.dev by @178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

Example for restore-only cache in documentation by @aparnajyothi-y in actions/setup-go#696

Update Node.js version in action.yml by @ccoVeille in actions/setup-go#691

Documentation update of actions/checkout by @deining in actions/setup-go#683

Dependency updates

Upgrade js-yaml from 3.14.1 to 3.14.2 by @dependabot in actions/setup-go#682

Upgrade @actions/cache to v5 by @salmanmkc in actions/setup-go#695

Upgrade actions/checkout from 5 to 6 by @dependabot in actions/setup-go#686

Upgrade qs from 6.14.0 to 6.14.1 by @dependabot in actions/setup-go#703

New Contributors

@ccoVeille made their first contribution in actions/setup-go#691

@deining made their first contribution in actions/setup-go#683

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in actions/setup-go#665

Add support for .tool-versions file and update workflow by @priya-kinthali in actions/setup-go#673

Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in actions/setup-go#674

... (truncated)

Commits

4a36011 docs: fix Microsoft build of Go link (#734)
8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
def8c39 Rearrange README.md, add advanced-usage.md (#724)
4b73464 Fix golang download url to go.dev (#469)
a5f9b05 Update default Go module caching to use go.mod (#705)
7a3fe6c Bump qs from 6.14.0 to 6.14.1 (#703)
b9adafd Bump actions/checkout from 5 to 6 (#686)
d73f6bc README.md: correct to actions/checkout@v6 (#683)
ae252ee Bump @actions/cache to v5 (#695)
Additional commits viewable in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
See full diff in compare view

Updates anchore/sbom-action from 0.21.1 to 0.24.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.24.0

chore: update to node 24 + deps (#614) [@kzantow]

chore: update to ES modules (#595) [@kzantow]

⬆️ Dependencies

chore(deps): update Syft to v1.42.3 (#615) [@anchore-actions-token-generator[bot]]

v0.23.1

⬆️ Dependencies

chore(deps): update Syft to v1.42.2 (#607) [@anchore-actions-token-generator[bot]]

chore(deps): bump fast-xml-parser and all other deps (#604) [@dependabot[bot]]

v0.23.0

switch to single-file dist build with sub-action flags and update dependencies (#595) [@kzantow]

switch to esbuild (#590) [@willmurphyscode]

update Syft to v1.42.1 (#599) [@anchore-actions-token-generator[bot]]

v0.22.2

⬆️ Dependencies

chore(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 (#581) [@dependabot[bot]]

chore(deps): update Syft to v1.41.2 (#582) [@anchore-actions-token-generator[bot]]

chore(deps-dev): bump the dev-dependencies group with 2 updates (#580) [@dependabot[bot]]

chore(deps): update Syft to v1.41.1 (#579) [@anchore-actions-token-generator[bot]]

v0.22.1

⬆️ Dependencies

chore(deps): update Syft to v1.41.0 (#576) [@anchore-actions-token-generator[bot]]

chore(deps): bump lodash from 4.17.21 to 4.17.23 (#573) [@dependabot[bot]]

v0.22.0

Changes in v0.22.0

⬆️ Dependencies

chore(deps-dev): bump the dev-dependencies group with 19 updates (#566) [@dependabot]

chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567) [@dependabot]

chore(deps): update Syft to v1.40.1 (#563) [@anchore-actions-token-generator[bot]]

Commits

e22c389 chore(deps): update Syft to v1.42.3 (#615)
36a5fde chore: update to node 24 + deps (#614)
a0a6512 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#608)
57aae52 chore(deps): update Syft to v1.42.2 (#607)
c29e913 chore(deps): bump fast-xml-parser and other deps (#604)
17ae174 chore(deps/test): move to es modules, node:test, single dist file (#595)
6d473d3 chore(deps): update Syft to v1.42.1 (#599)
60619e7 fix tests and bump fast-xml-parser (#598)
e2bd58a chore(deps-dev): bump the dev-dependencies group with 3 updates (#592)
d032d7d ci(syft auto update): npm ci, not npm install (#597)
Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.4.0 to 7.1.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.1.0

What's Changed

feat: verify release checksum and cosign signature by @caarlos0 in goreleaser/goreleaser-action#550

docs: document cosign verification in README by @caarlos0 in goreleaser/goreleaser-action#553

docs: Upgrade import GPG action version by @flecno in goreleaser/goreleaser-action#547

ci: drop docker-bake in favor of plain npm by @caarlos0 in goreleaser/goreleaser-action#551

ci: add release-major-tag workflow by @caarlos0 in goreleaser/goreleaser-action#552

ci: drop pre-cosign-v3 goreleaser versions from tests by @caarlos0 in goreleaser/goreleaser-action#554

ci(deps): bump the actions group with 2 updates by @dependabot[bot] in goreleaser/goreleaser-action#543

ci(deps): bump the actions group with 5 updates by @dependabot[bot] in goreleaser/goreleaser-action#546

chore(deps): bump undici from 6.23.0 to 6.24.1 by @dependabot[bot] in goreleaser/goreleaser-action#545

New Contributors

@flecno made their first contribution in goreleaser/goreleaser-action#547

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

v7.0.0

What's Changed

feat!: node 24, update deps, rm yarn, ESM by @caarlos0 in goreleaser/goreleaser-action#533

sec: pin github action versions by @caarlos0 in goreleaser/goreleaser-action#514

docs: Upgrade checkout GitHub Action in README.md by @dunglas in goreleaser/goreleaser-action#507

chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in goreleaser/goreleaser-action#504

ci(deps): bump the actions group with 2 updates by @dependabot[bot] in goreleaser/goreleaser-action#517

ci(deps): bump the actions group with 2 updates by @dependabot[bot] in goreleaser/goreleaser-action#523

ci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the actions group by @dependabot[bot] in goreleaser/goreleaser-action#526

ci(deps): bump the actions group across 1 directory with 4 updates by @dependabot[bot] in goreleaser/goreleaser-action#532

ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @dependabot[bot] in goreleaser/goreleaser-action#534

chore(deps): bump the npm group across 1 directory with 4 updates by @dependabot[bot] in goreleaser/goreleaser-action#536

chore(deps): bump @actions/http-client from 3.0.2 to 4.0.0 in the npm group by @dependabot[bot] in goreleaser/goreleaser-action#537

ci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in the actions group by @dependabot[bot] in goreleaser/goreleaser-action#538

chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by @dependabot[bot] in goreleaser/goreleaser-action#539

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits

e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
be2e8a3 docs: document cosign verification in README (#553)
5e53f8e ci: add release-major-tag workflow (#552)
4068afa build: drop docker-bake in favor of plain npm (#551)
213ec80 docs: add CONTRIBUTING with pre-commit workflow
4b462d3 feat: verify release checksum and cosign signature (#550)
01cbe07 docs: Upgrade import GPG action version (#547)
2a473d7 ci(deps): bump the actions group with 5 updates (#546)
fdcf0b9 clean: leftover files from node 22(?)
9881cc5 fix: use new static URL
Additional commits viewable in compare view

Updates docker/login-action from 3.4.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Add scope input to set scopes for the authentication token by @crazy-max in docker/login-action#912

Add support for AWS European Sovereign Cloud ECR by @dphi in docker/login-action#914

Ensure passwords are redacted with registry-auth input by @crazy-max in docker/login-action#911

build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

... (truncated)

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.4.4 to 4.1.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.1.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

Update RELEASE.md docs by @bdehamer in actions/attest-build-provenance#836

Bump actions/attest from 4.0.0 to 4.1.0 by @bdehamer in actions/attest-build-provenance#838

Bump @actions/attest from 3.0.0 to 3.1.0 by @bdehamer in actions/attest#362

Bump @actions/attest from 3.1.0 to 3.2.0 by @bdehamer in actions/attest#365

Add new subject-version input for inclusion in storage record by @bdehamer in actions/attest#364

Add storage record content to README by @bdehamer in actions/attest#366

Full Changelog: actions/attest-build-provenance@v4.0.0...v4.1.0

v4.0.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

Prepare v4 release by @bdehamer in actions/attest-build-provenance#835

Full Changelog: actions/attest-build-provenance@v3.2.0...v4.0.0

v3.2.0

What's Changed

Bump @actions/core from 1.11.1 to 2.0.1 by @dependabot[bot] in actions/attest-build-provenance#776

Add more documentation on Artifact Metadata Storage Records by @malancas in actions/attest-build-provenance#797

Update actions/attest to latest version v3.2.0 by @malancas in actions/attest-build-provenance#812

Full Changelog: actions/attest-build-provenance@v3.1.0...v3.2.0

v3.1.0

What's Changed

Prepare v3 release by @bdehamer in actions/attest-build-provenance#697

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in actions/attest-build-provenance#749

Bump tar from 7.5.1 to 7.5.2 by @dependabot[bot] in actions/attest-build-provenance#753

Bump glob from 10.4.5 to 10.5.0 by @dependabot[bot] in actions/attest-build-provenance#754

Bump @types/node from 24.10.1 to 25.0.2 by @dependabot[bot] in actions/attest-build-provenance#774

Bump @actions/attest from 1.6.0 to 2.0.0 by @dependabot[bot] in actions/attest-build-provenance#736

Bump @actions/attest from 2.0.0 to 2.1.0 by @dependabot[bot] in actions/attest-build-provenance#775

Add support for creating artifact metadata storage records by @malancas in actions/attest-build-provenance#779

New Contributors

... (truncated)

Commits

a2bbfa2 bump actions/attest from 4.0.0 to 4.1.0 (#838)
0856891 update RELEASE.md docs (#836)
e4d4f7c prepare v4 release (#835)
02a49bd Bump github/codeql-action in the actions-minor group (#824)
7c757df Bump the npm-development group with 2 updates (#825)
c44148e Bump github/codeql-action in the actions-minor group (#818)
3234352 Bump @types/node from 25.0.10 to 25.2.0 in the npm-development group (#819)
18db129 Bump tar from 7.5.6 to 7.5.7 (#816)
90fadfa Bump @actions/core from 2.0.1 to 2.0.2 in the npm-production group (#799)
57db8ba Bump the npm-development group across 1 directory with 3 updates (#808)
Additional commits viewable in compare view

Updates googleapis/release-please-action from 4.4.0 to 4.4.1

Release notes

Sourced from googleapis/release-please-action's releases.

v4.4.1

4.4.1 (2026-02-20)

Bug Fixes

bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)

Changelog

Sourced from googleapis/release-please-action's changelog.

Changelog

4.4.1 (2026-02-20)

Bug Fixes

bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)

4.4.0 (2025-10-09)

Features

add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

changelog-host parameter ignored when using manifest configuration (#1151) (535c413)

bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group acr...
Description has been truncated

…updates Bumps the github-actions group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.5.0` | `6.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.21.1` | `0.24.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.1.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `4.1.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1.4.4` | `4.1.0` | | [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `4.4.1` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.0.0` | `4.1.1` | Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.2.2...de0fac2) Updates `actions/setup-go` from 5.5.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5.5.0...4a36011) Updates `actions/upload-artifact` from 6.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...043fb46) Updates `anchore/sbom-action` from 0.21.1 to 0.24.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@0b82b0b...e22c389) Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.1.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@e435ccd...e24998b) Updates `docker/login-action` from 3.4.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@74a5d14...4907a6d) Updates `actions/attest-build-provenance` from 1.4.4 to 4.1.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@ef24412...a2bbfa2) Updates `googleapis/release-please-action` from 4.4.0 to 4.4.1 - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](googleapis/release-please-action@16a9c90...5c625bf) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@faadad0...cad07c2) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: googleapis/release-please-action dependency-version: 4.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-04-20T10:20:27Z

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group across 1 directory with 9 updates#43

chore(deps): bump the github-actions group across 1 directory with 9 updates#43
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-ddeffe77b1

dependabot Bot commented on behalf of github Apr 20, 2026

Uh oh!

dependabot Bot commented on behalf of github Apr 20, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

v6.3.0

What's Changed

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

v6.1.0

What's Changed

Enhancements

v7.0.1

What's Changed

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

v0.24.0

⬆️ Dependencies

v0.23.1

⬆️ Dependencies

v0.23.0

v0.22.2

⬆️ Dependencies

v0.22.1

⬆️ Dependencies

v0.22.0

Changes in v0.22.0

⬆️ Dependencies

v7.1.0

What's Changed

New Contributors

v7.0.0

What's Changed

v4.1.0

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v4.1.0

What's Changed

v4.0.0

What's Changed

v3.2.0

What's Changed