Skip to content

chore(deps): bump the actions-updates group across 1 directory with 5 updates #62

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 7 commits into
base: main
Choose a base branch
from
Open

chore(deps): bump the actions-updates group across 1 directory with 5 updates #62

dependabot wants to merge 7 commits into from
+22 −22

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 26, 2026
edited
Loading

Bumps the actions-updates group with 5 updates in the / directory:

Package From To
actions/checkout 5.0.0 6.0.2
astral-sh/setup-uv 7.1.0 7.2.0
actions/cache 4.3.0 5.0.2
actions/upload-artifact 4.6.2 6.0.0
actions/create-github-app-token 2.1.4 2.2.1

Updates actions/checkout from 5.0.0 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates astral-sh/setup-uv from 7.1.0 to 7.2.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.2.0 🌈 add outputs python-version and python-cache-hit

Changes

Among some minor typo fixes and quality of life features for developers of actions the main feature of this release are new outputs:

  • python-version: The Python version that was set (same content as existing UV_PYTHON)
  • python-cache-hit: A boolean value to indicate the Python cache entry was found

While implementing this it became clear, that it is easier to handle the Python binaries in a separate cache entry. The added benefit for users is that the "normal" cache containing the dependencies can be used in all runs no matter if these cache the Python binaries or not.

[!NOTE]
This release will invalidate caches that contain the Python binaries. This happens a single time.

🐛 Bug fixes

  • chore: remove stray space from UV_PYTHON_INSTALL_DIR message @​akx (#720)

🚀 Enhancements

🧰 Maintenance

⬆️ Dependency updates

v7.1.6 🌈 add OS version to cache key to prevent binary incompatibility

Changes

This release will invalidate your cache existing keys!

The os version e.g. ubuntu-22.04 is now part of the cache key. This prevents failing builds when a cache got populated with wheels built with different tools (e.g. glibc) than are present on the runner where the cache got restored.

🐛 Bug fixes

  • feat: add OS version to cache key to prevent binary incompatibility @​eifinger (#716)

🧰 Maintenance

... (truncated)

Commits
  • 61cb8a9 add outputs python-version and python-cache-hit (#728)
  • 11050ed fix: use uv_build backend for old-python-constraint-project (#729)
  • 1d22faf Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 (#719)
  • f4ed82a Bump github/codeql-action from 4.31.6 to 4.31.9 (#723)
  • e0409b4 chore: update known checksums for 0.9.22 (#727)
  • 702b425 chore: update known checksums for 0.9.21 (#726)
  • 2630c86 chore: update known checksums for 0.9.20 (#725)
  • 45cfcb3 Add action typings with validation (#721)
  • ce0a899 chore: update known checksums for 0.9.18 (#718)
  • 9c8d030 chore: remove stray space from UV_PYTHON_INSTALL_DIR message (#720)
  • Additional commits viewable in compare view

Updates actions/cache from 4.3.0 to 5.0.2

Release notes

Sourced from actions/cache's releases.

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

What's Changed

v5.0.0

What's Changed

Full Changelog: actions/cache@v5...v5.0.1

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

... (truncated)

Commits
  • 8b402f5 Merge pull request #1692 from GhadimiR/main
  • 304ab5a license for httpclient
  • 609fc19 Update licensed record for cache
  • b22231e Build
  • 93150cd Add PR link to releases
  • 9b8ca9f Bump actions/cache to 5.0.3
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.1.4 to 2.2.1

Release notes

Sourced from actions/create-github-app-token's releases.

v2.2.1

2.2.1 (2025-12-05)

Bug Fixes

  • deps: bump the production-dependencies group with 2 updates (#311) (b212e6a)

v2.2.0

2.2.0 (2025-11-21)

Bug Fixes

  • deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
  • deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)
  • deps: bump the production-dependencies group with 2 updates (#292) (55e2a4b)

Features

Commits
  • 29824e6 build(release): 2.2.1 [skip ci]
  • b212e6a fix(deps): bump the production-dependencies group with 2 updates (#311)
  • 8efbf9b ci: create stale workflow (#309)
  • 7e473ef build(release): 2.2.0 [skip ci]
  • dce3be8 fix(deps): bump p-retry from 6.2.1 to 7.1.0 (#294)
  • 5480f43 fix(deps): bump glob from 10.4.5 to 10.5.0 (#305)
  • d90aa53 feat: update permission inputs (#296)
  • 55e2a4b fix(deps): bump the production-dependencies group with 2 updates (#292)
  • cc6f999 ci(test): trigger on merge_group (#308)
  • 40fa6b5 build(deps-dev): bump @​sinonjs/fake-timers from 14.0.0 to 15.0.0 (#295)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 26, 2026
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 26, 2026
View reviewed changes
.github/workflows/ci-code.yaml Outdated
- name: Cache cargo-make binary
id: cache-cargo-make
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v4

Check warning

Code scanning / zizmor

detects commit SHAs that don't match their version comment tags Warning

detects commit SHAs that don't match their version comment tags
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-updates-5eb69e0e9b branch from 993f4da to 80f9c99 Compare January 28, 2026 07:46
@dependabot
chore(deps): bump the actions-updates group across 1 directory with 5…
22cbded 
… updates

Bumps the actions-updates group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.2` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.1.0` | `7.2.0` |
| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.2` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.1.4` | `2.2.1` |



Updates `actions/checkout` from 5.0.0 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...de0fac2)

Updates `astral-sh/setup-uv` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@3259c62...61cb8a9)

Updates `actions/cache` from 4.3.0 to 5.0.2
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0057852...8b402f5)

Updates `actions/upload-artifact` from 4.6.2 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...b7c566a)

Updates `actions/create-github-app-token` from 2.1.4 to 2.2.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@6701853...29824e6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-updates
- dependency-name: astral-sh/setup-uv
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-updates
- dependency-name: actions/cache
  dependency-version: 5.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-updates
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-updates
- dependency-name: actions/create-github-app-token
  dependency-version: 2.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-updates
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-updates-5eb69e0e9b branch from 80f9c99 to 22cbded Compare January 28, 2026 17:27
bleggett
bleggett reviewed Jan 28, 2026
View reviewed changes
.github/workflows/ci-code.yaml

- name: Restore cached cargo-make
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v4
Copy link
Contributor

@bleggett bleggett Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v4
uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bleggett bleggett bleggett left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bleggett