Skip to content

chore(deps): bump the actions group across 1 directory with 6 updates#18

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-0586540d8f
Open

chore(deps): bump the actions group across 1 directory with 6 updates#18
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-0586540d8f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 6 updates in the / directory:

Package From To
actions/checkout 6.0.2 6.0.3
taiki-e/install-action 2.79.5 2.81.10
SonarSource/sonarqube-scan-action 8.1.0 8.2.0
sigstore/cosign-installer 3.10.0 4.1.2
trufflesecurity/trufflehog 3.95.3 3.95.5
EmbarkStudios/cargo-deny-action 2.0.19 2.0.20

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

Updates taiki-e/install-action from 2.79.5 to 2.81.10

Release notes

Sourced from taiki-e/install-action's releases.

2.81.10

  • Update tombi@latest to 1.1.3.

  • Update release-plz@latest to 0.3.159.

  • Update cosign@latest to 3.1.1.

2.81.9

  • Update wasm-bindgen@latest to 0.2.123.

  • Update tombi@latest to 1.1.2.

  • Update parse-changelog@latest to 0.6.17.

  • Update just@latest to 1.52.0.

  • Update gungraun-runner@latest to 0.19.2.

  • Update cargo-binstall@latest to 1.20.0.

2.81.8

  • Update vacuum@latest to 0.29.2.

  • Update parse-dockerfile@latest to 0.1.7.

  • Update mise@latest to 2026.6.1.

  • Update cargo-shear@latest to 1.13.1.

2.81.7

  • Update wasmtime@latest to 45.0.1.

  • Update vacuum@latest to 0.29.1.

  • Update syft@latest to 1.45.1.

  • Update rclone@latest to 1.74.3.

  • Update cargo-audit@latest to 0.22.2.

2.81.6

  • Update prek@latest to 0.4.4.

  • Update cargo-shear@latest to 1.13.0.

2.81.5

  • Update vacuum@latest to 0.29.0.

  • Update uv@latest to 0.11.19.

... (truncated)

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[2.81.10] - 2026-06-11

  • Update tombi@latest to 1.1.3.

  • Update release-plz@latest to 0.3.159.

  • Update cosign@latest to 3.1.1.

[2.81.9] - 2026-06-10

  • Update wasm-bindgen@latest to 0.2.123.

  • Update tombi@latest to 1.1.2.

  • Update parse-changelog@latest to 0.6.17.

  • Update just@latest to 1.52.0.

  • Update gungraun-runner@latest to 0.19.2.

  • Update cargo-binstall@latest to 1.20.0.

[2.81.8] - 2026-06-08

  • Update vacuum@latest to 0.29.2.

  • Update parse-dockerfile@latest to 0.1.7.

  • Update mise@latest to 2026.6.1.

  • Update cargo-shear@latest to 1.13.1.

[2.81.7] - 2026-06-06

  • Update wasmtime@latest to 45.0.1.

  • Update vacuum@latest to 0.29.1.

... (truncated)

Commits

Updates SonarSource/sonarqube-scan-action from 8.1.0 to 8.2.0

Release notes

Sourced from SonarSource/sonarqube-scan-action's releases.

v8.2.0

What's Changed

Full Changelog: SonarSource/sonarqube-scan-action@v8...v8.2.0

Commits
  • 7138816 SQSCANGHA-127 Rename downloaded file to .zip before extraction on Windows (#251)
  • 3581139 SQSCANGHA-135 Fix scanner binaries always re-downloaded due to incompatible 4...
  • c9d327c SQSCANGHA-84 Remove outdated wget/curl references
  • b243e51 SQSCANGHA-88 Deprecate the SONARCLOUD_URL env variable support
  • 375c3f5 SQSCANGHA-149 Add scannerBinariesAuthHeader input for authenticated binary do...
  • 9c78323 SQSCANGHA-144 Add gate jobs to QA workflows for branch protection
  • See full diff in compare view

Updates sigstore/cosign-installer from 3.10.0 to 4.1.2

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.2

What's Changed

v4.1.1

What's Changed

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

  • Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#203)
Commits

Updates trufflesecurity/trufflehog from 3.95.3 to 3.95.5

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.5

What's Changed

New Contributors

Full Changelog: trufflesecurity/trufflehog@v3.95.3...v3.95.5

v3.95.4

What's Changed

... (truncated)

Commits
  • d411fff feat(apk): adds some debugging info for APKs and fixes issues parsing obfusca...
  • 26eae1f [SCAN-795] HTML decoder: ASPX and entity-encoded HTML support (#4981)
  • 6c8f640 Added source config flags to sharepoint proto (#4972)
  • 9f0b97f Update CODEOWNERS: replace 5 slugs with scanning + integrations (#4983)
  • 36f6f69 Pin GitHub Actions to SHA digests (#4985)
  • 52ebebb Update Go security dependencies (#4986)
  • ec67ff2 Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors (#4961)
  • 0ec3634 Fix line numbers for duplicate secrets within a chunk (#4910)
  • 79acbf4 Remove over speculation from Corpora CI workflow (#4974)
  • d86254e feat: add host, db and username to ExtraData for database detectors (#4849)
  • Additional commits viewable in compare view

Updates EmbarkStudios/cargo-deny-action from 2.0.19 to 2.0.20

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the actions group across 1 directory with 6 updates
bbd3ab6 
Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.79.5` | `2.81.10` |
| [SonarSource/sonarqube-scan-action](https://github.com/sonarsource/sonarqube-scan-action) | `8.1.0` | `8.2.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.10.0` | `4.1.2` |
| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.95.3` | `3.95.5` |
| [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) | `2.0.19` | `2.0.20` |



Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `taiki-e/install-action` from 2.79.5 to 2.81.10
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@6c1f7cf...7a79fe8)

Updates `SonarSource/sonarqube-scan-action` from 8.1.0 to 8.2.0
- [Release notes](https://github.com/sonarsource/sonarqube-scan-action/releases)
- [Commits](SonarSource/sonarqube-scan-action@7006c44...7138816)

Updates `sigstore/cosign-installer` from 3.10.0 to 4.1.2
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@d7543c9...6f9f177)

Updates `trufflesecurity/trufflehog` from 3.95.3 to 3.95.5
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@37b7700...d411fff)

Updates `EmbarkStudios/cargo-deny-action` from 2.0.19 to 2.0.20
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](EmbarkStudios/cargo-deny-action@a531616...bb137d7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: taiki-e/install-action
  dependency-version: 2.81.10
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: SonarSource/sonarqube-scan-action
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: trufflesecurity/trufflehog
  dependency-version: 3.95.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: 2.0.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from lgutschow as a code owner June 15, 2026 01:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lgutschow lgutschow Awaiting requested review from lgutschow lgutschow is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants