chore(deps): bump the github-actions group across 1 directory with 3 updates#63
chore(deps): bump the github-actions group across 1 directory with 3 updates#63dependabot[bot] wants to merge 1 commit into
Conversation
…updates Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-go](https://github.com/actions/setup-go) and [actions/attest](https://github.com/actions/attest). Updates `actions/checkout` from 6 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v6...v6.0.2) Updates `actions/setup-go` from 6 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v6...v6.4.0) Updates `actions/attest` from 4 to 4.1.0 - [Release notes](https://github.com/actions/attest/releases) - [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md) - [Commits](actions/attest@v4...v4.1.0) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/attest dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9d3b61186e
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
|
|
||
| - name: Setup Go | ||
| uses: actions/setup-go@v6 | ||
| uses: actions/setup-go@v6.4.0 |
There was a problem hiding this comment.
Pin setup-go to the current v6 release
This pins setup-go to v6.4.0, but the workflow previously used the floating @v6 ref, which now resolves to v6.5.0; that release includes dependency upgrades for npm audit findings. Because action refs are resolved when the workflow runs, merging this downgrades both CI and the release workflow from the version they were already running, so pin to v6.5.0 or keep @v6 instead.
Useful? React with 👍 / 👎.
Bumps the github-actions group with 3 updates in the / directory: actions/checkout, actions/setup-go and actions/attest.
Updates
actions/checkoutfrom 6 to 6.0.2Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
6d193bfBump braces from 3.0.2 to 3.0.3 (#1777)db0cee9Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)b684943Add Ref and Commit outputs (#1180)2d7d9f7Provide explanation for where user email came from (#1869)Updates
actions/setup-gofrom 6 to 6.4.0Release notes
Sourced from actions/setup-go's releases.
... (truncated)
Commits
8d4083aBump@typescript-eslint/parserfrom 5.62.0 to 8.32.0 (#590)fa96338Bump@actions/tool-cachefrom 2.0.1 to 2.0.2 (#591)4de67c0Bump@types/jestfrom 29.5.12 to 29.5.14 (#589)d35c59achore: update discussions url (#527)Updates
actions/attestfrom 4 to 4.1.0Release notes
Sourced from actions/attest's releases.
Commits
59d8942add storage record content to README (#366)ec072a1add new subject-version input (#364)8b290b8bump@actions/attestfrom 3.1.0 to 3.2.0 (#365)35cfe24bump@actions/attestfrom 3.0.0 to 3.1.0 (#362)c32b4b8bump version in package.json to v4.0.0 (#360)1e73be1Bump typescript-eslint in the npm-development group (#358)e1345cbBump the npm-development group across 1 directory with 3 updates (#357)09cd5f6Bump tar from 7.5.7 to 7.5.9 (#354)19ad753test suite re-write (#356)7d7ff44ESM Conversion (#347)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsSummary by cubic
Pin and update GitHub Actions in CI and release workflows to current versions for stability and fixes. Updated
.github/workflows/ci.ymland.github/workflows/release-latest.ymlto useactions/checkout@v6.0.2,actions/setup-go@v6.4.0, andactions/attest@v4.1.0.Written for commit 9d3b611. Summary will update on new commits.