deps: bump the production-dependencies group across 1 directory with 13 updates #63

dependabot · 2025-09-08T12:39:11Z

Bumps the production-dependencies group with 13 updates in the / directory:

Package	From	To
actions/checkout	`4`	`5`
actions/github-script	`7`	`8`
dtolnay/rust-toolchain	`56f84321dbccf38fb67ce29ab63e4754056677e0`	`e97e2d8cc328f1b50210efc529dca0028893a2d9`
docker/setup-buildx-action	`3.10.0`	`3.11.1`
docker/login-action	`3.4.0`	`3.5.0`
docker/metadata-action	`5.7.0`	`5.8.0`
docker/build-push-action	`6.15.0`	`6.18.0`
actions/attest-build-provenance	`2.2.3`	`3.0.0`
anchore/scan-action	`6.1.0`	`6.5.1`
actions/labeler	`5`	`6`
actions/setup-python	`5`	`6`
42ByteLabs/patch-release-me	`0.5.3`	`0.6.2`
Andrew-Chen-Wang/github-wiki-action	`4.4.0`	`5.0.1`

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237

New Contributors

@motss made their first contribution in actions/checkout#1971

@mouismail made their first contribution in actions/checkout#1977

@benwells made their first contribution in actions/checkout#2043

@nebuk89 made their first contribution in actions/checkout#2194

@salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

V4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
See full diff in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

Update Node.js version support to 24.x by @salmanmkc in actions/github-script#637

README for updating actions/github-script from v7 to v8 by @sneha-krip in actions/github-script#653

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

@salmanmkc made their first contribution in actions/github-script#637

@sneha-krip made their first contribution in actions/github-script#653

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

Upgrade husky to v9 by @benelan in actions/github-script#482

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/github-script#485

Upgrade IA Publish by @Jcambass in actions/github-script#486

Fix workflow status badges by @joshmgross in actions/github-script#497

Update usage of actions/upload-artifact by @joshmgross in actions/github-script#512

Clear up package name confusion by @joshmgross in actions/github-script#514

Update dependencies with npm audit fix by @joshmgross in actions/github-script#515

Specify that the used script is JavaScript by @timotk in actions/github-script#478

chore: Add Dependabot for NPM and Actions by @nschonni in actions/github-script#472

Define permissions in workflows and update actions by @joshmgross in actions/github-script#531

chore: Add Dependabot for .github/actions/install-dependencies by @nschonni in actions/github-script#532

chore: Remove .vscode settings by @nschonni in actions/github-script#533

ci: Use github/setup-licensed by @nschonni in actions/github-script#473

make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @iamstarkov in actions/github-script#508

Remove octokit README updates for v7 by @joshmgross in actions/github-script#557

docs: add "exec" usage examples by @neilime in actions/github-script#546

Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @dependabot[bot] in actions/github-script#563

Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @dependabot[bot] in actions/github-script#575

Clearly document passing inputs to the script by @joshmgross in actions/github-script#603

Update README.md by @nebuk89 in actions/github-script#610

New Contributors

@benelan made their first contribution in actions/github-script#482

@Jcambass made their first contribution in actions/github-script#485

@timotk made their first contribution in actions/github-script#478

@iamstarkov made their first contribution in actions/github-script#508

@neilime made their first contribution in actions/github-script#546

@nebuk89 made their first contribution in actions/github-script#610

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
2dc352e Bold minimum Actions Runner version in README
01e118c Update README for Node 24 runtime requirements
8b222ac Apply suggestion from @salmanmkc
adc0eea README for updating actions/github-script from v7 to v8
20fe497 Merge pull request #637 from actions/node24
e7b7f22 update licenses
2c81ba0 Update Node.js version support to 24.x
See full diff in compare view

Updates dtolnay/rust-toolchain from 56f84321dbccf38fb67ce29ab63e4754056677e0 to e97e2d8cc328f1b50210efc529dca0028893a2d9

Commits

e97e2d8 Update actions/checkout@v4 -> v5
3bd6ba1 Merge pull request #168 from dtolnay/sed
0185c06 Fix update-revs.sh to recognize only the intended required: true
350b817 Merge pull request #166 from dtolnay/fix1
6ded28b Try without comment?
cc2784c Merge pull request #165 from dtolnay/fix2
f6642a8 Try without backtick?
5ee21dc Merge pull request #162 from dtolnay/pin
ed196ec Add note about full-length SHA
57e4097 Update example version number to a recent one
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.10.0 to 3.11.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

Commits

e468171 Merge pull request #429 from crazy-max/fix-keep-state
a3e7502 chore: update generated content
b145473 fix keep-state not being respected
18ce135 Merge pull request #425 from docker/dependabot/npm_and_yarn/docker/actions-to...
0e198e9 chore: update generated content
05f3f3a build(deps): bump @docker/actions-toolkit from 0.61.0 to 0.62.1
6229134 Merge pull request #427 from crazy-max/keep-state
c6f6a07 chore: update generated content
6c5e29d skip builder creation if one already exists with the same name
548b297 ci: keep-state check
Additional commits viewable in compare view

Updates docker/login-action from 3.4.0 to 3.5.0

Release notes

Sourced from docker/login-action's releases.

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

Commits

184bdaa Merge pull request #878 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
5c6bc94 chore: update generated content
caf4058 build(deps): bump the aws-sdk-dependencies group with 2 updates
ef38ec3 Merge pull request #860 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
d52e8ef chore: update generated content
9644ab7 build(deps): bump the aws-sdk-dependencies group with 2 updates
7abd1d5 Merge pull request #875 from docker/dependabot/npm_and_yarn/form-data-2.5.5
1a81202 Merge pull request #876 from crazy-max/aws-public-dual-stack
d1ab30d chore: update generated content
f25ff28 support dual-stack for aws public ecr
Additional commits viewable in compare view

Updates docker/metadata-action from 5.7.0 to 5.8.0

Release notes

Sourced from docker/metadata-action's releases.

v5.8.0

New is_not_default_branch global expression by @crazy-max in docker/metadata-action#535

Allow to match part of the git tag or value for semver/pep440 types by @crazy-max in docker/metadata-action#536 docker/metadata-action#537

Bump @actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526

Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533

Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525

Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

Commits

c1e5197 Merge pull request #537 from crazy-max/pep440-match
89dd65a chore: update generated content
699ee45 allow to match part of the git tag or value for pep440 type
e0542a6 Merge pull request #536 from crazy-max/semver-match
b7facdf chore: update generated content
81c60df allow to match part of the git tag or value for semver type
de11195 Merge pull request #535 from crazy-max/not_def_branch
2f9c64b Merge pull request #533 from docker/dependabot/npm_and_yarn/form-data-2.5.5
510f746 chore: update generated content
2bc3f4e is_not_default_branch global expression
Additional commits viewable in compare view

Updates docker/build-push-action from 6.15.0 to 6.18.0

Release notes

Sourced from docker/build-push-action's releases.

v6.18.0

Bump @docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Bump @docker/actions-toolkit from 0.59.0 to 0.61.0 by @crazy-max in docker/build-push-action#1364

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Handle no default attestations env var by @crazy-max in docker/build-push-action#1343

Only print secret keys in build summary output by @crazy-max in docker/build-push-action#1353

Bump @docker/actions-toolkit from 0.56.0 to 0.59.0 in docker/build-push-action#1352

Full Changelog: docker/build-push-action@v6.15.0...v6.16.0

Commits

2634353 Merge pull request #1381 from docker/dependabot/npm_and_yarn/docker/actions-t...
c0432d2 chore: update generated content
0bb1f27 set builder driver and endpoint attributes for dbc summary support
5f9dbf9 chore(deps): Bump @docker/actions-toolkit from 0.61.0 to 0.62.1
0788c44 Merge pull request #1375 from crazy-max/remove-gcr
aa179ca e2e: remove GCR
1dc7386 Merge pull request #1364 from crazy-max/history-export-cmd
9c9803f chore: update generated content
db1f6c4 DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export
721e8c7 Bump @docker/actions-toolkit from 0.59.0 to 0.61.0
Additional commits viewable in compare view

Updates actions/attest-build-provenance from 2.2.3 to 3.0.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v3.0.0

What's Changed

Adjust node max-http-header-size setting by @bdehamer in actions/attest-build-provenance#687

Bump actions/attest from v2.4.0 to v3.0.0 by @bdehamer in actions/attest-build-provenance#691

Bump to node24 runtime

Improved checksum parsing

Bump attest-build-provenance/predicate to v2.0.0 by @bdehamer in actions/attest-build-provenance#693

Bump to node24 runtime by @bdehamer in actions/attest-build-provenance#692

⚠️ Minimum Compatible Runner Version

v2.327.1 Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/attest-build-provenance@v2.4.0...v3.0.0

v2.4.0

What's Changed

Bump undici from 5.28.5 to 5.29.0 by @dependabot in actions/attest-build-provenance#633

Bump actions/attest from 2.3.0 to 2.4.0 by @bdehamer in actions/attest-build-provenance#654

Includes support for the new well-known summary file which will accumulate paths to all attestations generated in a given workflow run

Full Changelog: actions/attest-build-provenance@v2.3.0...v2.4.0

v2.3.0

What's Changed

Bump actions/attest from 2.2.1 to 2.3.0 by @bdehamer in actions/attest-build-provenance#615

Updates @sigstore/oci from 0.4.0 to 0.5.0

Full Changelog: actions/attest-build-provenance@v2.2.3...v2.3.0

Commits

977bb37 bump attest-build-provenance/predicate to v2.0.0 (#693)
864457a Bump to node24 runtime (#692)
57aa2b0 bump actions/attest from v2.4.0 to v3.0.0 (#691)
8ee7163 refactor eslint config (#690)
91ca1c2 Bump actions/checkout from 4.1.1 to 5.0.0 (#684)
ff19f40 custom node max-http-header-size (#687)
8bd83f1 pin workflow deps (#683)
f0878de Bump the npm-development group with 4 updates (#681)
463e6df Bump the npm-development group with 3 updates (#678)
fef91c1 Bump the npm-development group with 6 updates (#673)
Additional commits viewable in compare view

Updates anchore/scan-action from 6.1.0 to 6.5.1

Release notes

Sourced from anchore/scan-action's releases.

v6.5.1

New in scan-action v6.5.1

Update Grype to v0.97.1 (#495)

v6.5.0

New in scan-action v6.5.0

Update Grype to v0.96.1 (#493) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

fix: output stderr for nonzero exit code (#491) [kzantow]

v6.4.0

New in scan-action v6.4.0

Update Grype to v0.95.0 (#486)

chore(deps-dev): bump eslint from 9.30.0 to 9.30.1 (#485)

chore(deps-dev): bump lint-staged from 16.1.0 to 16.1.2 (#476)

chore(deps-dev): bump jest from 30.0.0 to 30.0.3 (#481)

chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 (#483)

chore(deps-dev): bump eslint from 9.28.0 to 9.30.0 (#484)

v6.3.0

New in scan-action v6.3.0

Update Grype to v0.94.0 (#470)

v6.2.0

New in scan-action v6.2.0

feat: update Scan action to use grype db v6 (#462) [spiffcs]

Commits

1638637 chore(deps-dev): bump eslint from 9.31.0 to 9.32.0 (#494)
a834544 chore(deps): update Grype to v0.97.1 (#495)
df39580 chore(deps-dev): bump jest from 30.0.4 to 30.0.5 (#492)
e4ff89e chore(deps): update Grype to v0.96.1 (#493)
b8370fa fix: output stderr to log, more accurate nonzero exit code behavior (#491)
a0ef9a0 chore(deps-dev): bump jest from 30.0.3 to 30.0.4 (#487)
0fc8134 chore(deps-dev): bump eslint from 9.30.1 to 9.31.0 (#488)
0743469 chore(deps): update Grype to v0.96.0 (#489)
16910ac chore(deps): update Grype to v0.95.0 (#486)
caee21c chore(deps-dev): bump eslint from 9.30.0 to 9.30.1 (#485)
Additional commits viewable in compare view

Updates actions/labeler from 5 to 6

Release notes

Sourced from actions/labeler's releases.

v6.0.0

What's Changed

Add workflow file for publishing releases to immutable action package by @jcambass in actions/labeler#802

Breaking Changes

Upgrade Node.js version to 24 in action and dependencies @salmanmkc in actions/labeler#891 Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. Release Notes

Dependency Upgrades

Upgrade eslint-config-prettier from 9.0.0 to 9.1.0 by @dependabot[bot] in actions/labeler#711

Upgrade eslint from 8.52.0 to 8.55.0 by @dependabot[bot] in actions/labeler#720

Upgrade @types/jest from 29.5.6 to 29.5.11 by @dependabot[bot] in actions/labeler#719

Upgrade @types/js-yaml from 4.0.8 to 4.0.9 by @dependabot[bot] in actions/labeler#718

Upgrade @typescript-eslint/parser from 6.9.0 to 6.14.0 by @dependabot[bot] in actions/labeler#717

Upgrade prettier from 3.0.3 to 3.1.1 by @dependabot[bot] in actions/labeler#726

Upgrade eslint from 8.55.0 to 8.56.0 by @dependabot[bot] in actions/labeler#725

Upgrade @typescript-eslint/parser from 6.14.0 to 6.19.0 by @dependabot[bot] in actions/labeler#745

Upgrade eslint-plugin-jest from 27.4.3 to 27.6.3 by @dependabot[bot] in actions/labeler#744

Upgrade @typescript-eslint/eslint-plugin from 6.9.0 to 6.20.0 by @dependabot[bot] in actions/labeler#750

Upgrade prettier from 3.1.1 to 3.2.5 by @dependabot[bot] in actions/labeler#752

Upgrade undici from 5.26.5 to 5.28.3 by @dependabot[bot] in actions/labeler#757

Upgrade braces from 3.0.2 to 3.0.3 by @dependabot[bot] in actions/labeler#789

Upgrade minimatch from 9.0.3 to 10.0.1 by @dependabot[bot] in actions/labeler#805

Upgrade @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in actions/labeler#811

Upgrade typescript from 5.4.3 to 5.7.2 by @dependabot[bot] in actions/labeler#819

Upgrade @typescript-eslint/parser from 7.3.1 to 8.17.0 by @dependabot[bot] in actions/labeler#824

Upgrade prettier from 3.2.5 to 3.4.2 by @dependabot[bot] in actions/labeler#825

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot[bot] in actions/labeler#827

Upgrade eslint-plugin-jest from 27.9.0 to 28.9.0 by @dependabot[bot] in actions/labeler#832

Upgrade ts-jest from 29.1.2 to 29.2.5 by @dependabot[bot] in actions/labeler#831

Upgrade @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot[bot] in actions/labeler#830

Upgrade typescript from 5.7.2 to 5.7.3 by @dependabot[bot] in actions/labeler#835

Upgrade eslint-plugin-jest from 28.9.0 to 28.11.0 by @dependabot[bot] in actions/labeler#839

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot[bot] in actions/labeler#842

Upgrade @octokit/request-error from 5.0.1 to 5.1.1 by @dependabot[bot] in actions/labeler#846

Documentation changes

Add note regarding pull_request_target to README.md by @silverwind in actions/labeler#669

Update readme with additional examples and important note about pull_request_target event by @IvanZosimov in actions/labeler#721

Document update - permission section by @harithavattikuti in actions/labeler#840

Improvement in documentation for pull_request_target event usage in README by @suyashgaonkar in actions/labeler#871

Fix broken links in documentation by @suyashgaonkar in actions/labeler#822

New Contributors

@silverwind made their first contribution in actions/labeler#669

@Jcambass made their first contribution in actions/labeler#802

@suyashgaonkar made their first contribution in actions/labeler#822

@HarithaVattikuti made their first contribution in actions/labeler#840

@salmanmkc made their first contribution in actions/labeler#891

... (truncated)

Commits

634933e publish-action upgrade to 0.4.0 from 0.2.2 (#901)
f1a63e8 Update Node.js version to 24 in action and dependencies (#891)
b0a1180 Bump @octokit/request-error from 5.0.1 to 5.1.1 (#846)
110d441 Update README.md (#871)

…13 updates Bumps the production-dependencies group with 13 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `8` | | [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `56f84321dbccf38fb67ce29ab63e4754056677e0` | `e97e2d8cc328f1b50210efc529dca0028893a2d9` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.5.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.7.0` | `5.8.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.15.0` | `6.18.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.2.3` | `3.0.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `6.1.0` | `6.5.1` | | [actions/labeler](https://github.com/actions/labeler) | `5` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [42ByteLabs/patch-release-me](https://github.com/42bytelabs/patch-release-me) | `0.5.3` | `0.6.2` | | [Andrew-Chen-Wang/github-wiki-action](https://github.com/andrew-chen-wang/github-wiki-action) | `4.4.0` | `5.0.1` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) Updates `actions/github-script` from 7 to 8 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7...v8) Updates `dtolnay/rust-toolchain` from 56f84321dbccf38fb67ce29ab63e4754056677e0 to e97e2d8cc328f1b50210efc529dca0028893a2d9 - [Release notes](https://github.com/dtolnay/rust-toolchain/releases) - [Commits](dtolnay/rust-toolchain@56f8432...e97e2d8) Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@b5ca514...e468171) Updates `docker/login-action` from 3.4.0 to 3.5.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@74a5d14...184bdaa) Updates `docker/metadata-action` from 5.7.0 to 5.8.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@902fa8e...c1e5197) Updates `docker/build-push-action` from 6.15.0 to 6.18.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@471d1dc...2634353) Updates `actions/attest-build-provenance` from 2.2.3 to 3.0.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@c074443...977bb37) Updates `anchore/scan-action` from 6.1.0 to 6.5.1 - [Release notes](https://github.com/anchore/scan-action/releases) - [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md) - [Commits](anchore/scan-action@7c05671...1638637) Updates `actions/labeler` from 5 to 6 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@v5...v6) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) Updates `42ByteLabs/patch-release-me` from 0.5.3 to 0.6.2 - [Release notes](https://github.com/42bytelabs/patch-release-me/releases) - [Changelog](https://github.com/42ByteLabs/patch-release-me/blob/main/.release.yml) - [Commits](42ByteLabs/patch-release-me@f950db6...1a840ec) Updates `Andrew-Chen-Wang/github-wiki-action` from 4.4.0 to 5.0.1 - [Release notes](https://github.com/andrew-chen-wang/github-wiki-action/releases) - [Commits](Andrew-Chen-Wang/github-wiki-action@50650fc...2c80c13) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: actions/github-script dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: dtolnay/rust-toolchain dependency-version: e97e2d8cc328f1b50210efc529dca0028893a2d9 dependency-type: direct:production dependency-group: production-dependencies - dependency-name: docker/setup-buildx-action dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: docker/login-action dependency-version: 3.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: docker/metadata-action dependency-version: 5.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: docker/build-push-action dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: actions/attest-build-provenance dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: anchore/scan-action dependency-version: 6.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: actions/labeler dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: 42ByteLabs/patch-release-me dependency-version: 0.6.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: production-dependencies - dependency-name: Andrew-Chen-Wang/github-wiki-action dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

github-actions · 2025-09-08T12:39:29Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

dependabot · 2025-10-13T12:12:52Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 8, 2025

dependabot bot requested a review from a team as a code owner September 8, 2025 12:39

dependabot bot added the dependencies Pull requests that update a dependency file label Sep 8, 2025

dependabot bot requested review from adrienpessu and felickz September 8, 2025 12:39

dependabot bot closed this Oct 13, 2025

dependabot bot deleted the dependabot/github_actions/main/production-dependencies-5e4c7f0a01 branch October 13, 2025 12:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

deps: bump the production-dependencies group across 1 directory with 13 updates #63

deps: bump the production-dependencies group across 1 directory with 13 updates #63

Uh oh!

dependabot bot commented on behalf of github Sep 8, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Sep 8, 2025 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Oct 13, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

deps: bump the production-dependencies group across 1 directory with 13 updates #63

deps: bump the production-dependencies group across 1 directory with 13 updates #63

Uh oh!

Conversation

dependabot bot commented on behalf of github Sep 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.0

What's Changed

New Contributors

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

New Contributors

v7.1.0

What's Changed

New Contributors

v3.11.1

v3.11.0

v3.5.0

v5.8.0

v6.18.0

v6.17.0

v6.16.0

v3.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.4.0

What's Changed

v2.3.0

What's Changed

v6.5.1

New in scan-action v6.5.1

v6.5.0

New in scan-action v6.5.0

v6.4.0

New in scan-action v6.4.0

v6.3.0

New in scan-action v6.3.0

v6.2.0

New in scan-action v6.2.0

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Documentation changes

New Contributors

Uh oh!

github-actions bot commented Sep 8, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dependency Review

Uh oh!

dependabot bot commented on behalf of github Oct 13, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Sep 8, 2025 •

edited

Loading

github-actions bot commented Sep 8, 2025 •

edited

Loading