chore(deps): bump the github-actions group with 7 updates #347

dependabot · 2025-04-21T23:29:52Z

Bumps the github-actions group with 7 updates:

Package	From	To
actions/setup-go	`3`	`5`
golangci/golangci-lint-action	`6.5.1`	`7.0.0`
Zenithar/gh-gomod-generate-sbom	`1.0.1`	`1.0.3`
Apple-Actions/import-codesign-certs	`3`	`5`
goreleaser/goreleaser-action	`6.0.0`	`6.3.0`
AButler/upload-release-assets	`2.0`	`3.0`
sonatype-nexus-community/nancy-github-action	`1.0.2`	`1.0.3`

Updates actions/setup-go from 3 to 5

Release notes

Sourced from actions/setup-go's releases.

v5.0.0

What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20 (actions/setup-go#421). Moreover, we update some dependencies to the latest versions (actions/setup-go#445).

Besides, this release contains such changes as:

Fix hosted tool cache usage on windows by @galargh in actions/setup-go#411

Improve documentation regarding dependencies caching by @artemgavrilov in actions/setup-go#417

New Contributors

@galargh made their first contribution in actions/setup-go#411

@artemgavrilov made their first contribution in actions/setup-go#417

@chenrui333 made their first contribution in actions/setup-go#421

Full Changelog: actions/setup-go@v4...v5.0.0

v4.2.1

What's Changed

Add workflow file for publishing releases to immutable action package by @aparnajyothi-y in actions/setup-go#583

Full Changelog: actions/setup-go@v4...v4.2.1

v4.2.0

What's Changed

Upgrade @actions/cache by @priyagupta108 in actions/setup-go#578. In scope of this release we updated actions/cache package to 4.0.3. This update ensures continued support and compatibility, as older versions of the package are now deprecated. For more information please refer to the toolkit/cache.

Full Changelog: actions/setup-go@v4...v4.2.0

v4.1.0

What's Changed

In scope of this release, slow installation on Windows was fixed by @dsame in actions/setup-go#393 and OS version was added to primaryKey for Ubuntu runners to avoid conflicts (actions/setup-go#383)

This release also includes the following changes:

Remove implicit dependencies by @nikolai-laevskii in actions/setup-go#378

Update action.yml by @mkelly in actions/setup-go#379

Added a description that go-version should be specified as a string type by @n3xem in actions/setup-go#367

Add note about YAML parsing versions by @dmitry-shibanov in actions/setup-go#382

Automatic update of configuration files from 05/23/2023 by @github-actions in actions/setup-go#377

Bump tough-cookie and @azure/ms-rest-js by @dependabot in actions/setup-go#392

Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in actions/setup-go#397

Bump semver from 6.3.0 to 6.3.1 by @dependabot in actions/setup-go#396

New Contributors

@mkelly made their first contribution in actions/setup-go#379

@n3xem made their first contribution in actions/setup-go#367

Full Changelog: actions/setup-go@v4...v4.1.0

... (truncated)

Commits

0aaccfd Bump undici from 5.28.4 to 5.28.5 (#541)
c4c1141 upgrade actions/cache to 4.0.2 (#568)
5a083d0 Bump eslint-config-prettier from 8.10.0 to 10.0.1 (#536)
1d82324 Bump semver from 7.6.0 to 7.6.3 (#535)
f111f33 Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#534)
3d10edb Add new permission section (#533)
43e1389 Configure Dependabot settings (#530)
f81f022 Use the new cache service: upgrade @actions/cache to ^4.0.0 (#531)
3041bf5 feat: fallback to "raw" endpoint for manifest when rate limit is reached (#496)
41dfa10 Enhance workflows and Upgrade micromatch Dependency (#510)
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 6.5.1 to 7.0.0

Release notes

Sourced from golangci/golangci-lint-action's releases.

v7.0.0

⚠️ The GitHub Action v7 supports golangci-lint v2 only. ⚠️

What's Changed

Changes

feat: golangci-lint v2 support by @ldez in golangci/golangci-lint-action#1198

Documentation

docs: update annotation permissions by @ldez in golangci/golangci-lint-action#1203

docs: fix checks permissions for annotations by @kema-dev in golangci/golangci-lint-action#1204

Dependencies

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot in golangci/golangci-lint-action#1207

New Contributors

@kema-dev made their first contribution in golangci/golangci-lint-action#1204

Full Changelog: golangci/golangci-lint-action@v6.5.2...v7.0.0

v6.5.2

What's Changed

Changes

fix: update max version by @ldez in golangci/golangci-lint-action#1201

Dependencies

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot in golangci/golangci-lint-action#1199

Full Changelog: golangci/golangci-lint-action@v6.5.1...v6.5.2

Commits

1481404 7.0.0
dec74fa feat: golangci-lint v2 support (#1198)
1f07148 build(deps-dev): bump the dev-dependencies group with 3 updates (#1207)
9938e10 docs: fix checks permissions for annotations (#1204)
b91d580 docs: update annotation permissions (#1203)
55c2c14 6.5.2
911ec56 fix: update max version (#1201)
eb5c0cc build(deps-dev): bump the dev-dependencies group with 2 updates (#1199)
See full diff in compare view

Updates Zenithar/gh-gomod-generate-sbom from 1.0.1 to 1.0.3

Commits

2cdc82f chore(ci): use node16
6e1f0c3 chore(node): update to node18
See full diff in compare view

Updates Apple-Actions/import-codesign-certs from 3 to 5

Release notes

Sourced from Apple-Actions/import-codesign-certs's releases.

v5.0.0

What's Changed

Add cleanup so delete-keychain-if-exists is no longer needed/supported

Add support for 3rd Party Mac Developer Installer certificates by @ky1vstar in Apple-Actions/import-codesign-certs#66

Remove use of -A to allow all during import (#60)

New Contributors

@ky1vstar made their first contribution in Apple-Actions/import-codesign-certs#66

Full Changelog: Apple-Actions/import-codesign-certs@v4...v5.0.0

v4.0.1

What's Changed

Switch back to node20 (22 isn't supported yet)

Full Changelog: Apple-Actions/import-codesign-certs@v4.0.0...v4.0.1

Commits

cfd6eb3 Remove old certificate that's no longer used
c3259b8 Version of node is tracked in package.json now
541590c Put it back into a single file since the isPost check now works
3270199 Separate cleanup so it will run correctly
e6c5cfe Try inverting sense of isPost check
9ee085c Remove allowing all apps (fixes #60)
d903585 Merge pull request #66 from ky1vstar/master
8c47fdd Merge branch 'master' into master
eeb8a77 Add post handler to cleanup and simplify use on self-hosted runners (fixes #8)
2dbeb2d Use node 20 since 22 isn't supported
Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.0.0 to 6.3.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.3.0

Bump undici from 5.28.3 to 5.28.5 in goreleaser/goreleaser-action#488

Full Changelog: goreleaser/goreleaser-action@v6.2.1...v6.3.0

v6.2.1

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1

v6.2.0

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.1.0...v6.2.0

v6.1.0

What's Changed

chore(deps): bump braces from 3.0.2 to 3.0.3 by @dependabot in goreleaser/goreleaser-action#467

chore(deps): bump docker/bake-action from 4 to 5 by @dependabot in goreleaser/goreleaser-action#468

chore(deps): bump semver from 7.6.2 to 7.6.3 by @dependabot in goreleaser/goreleaser-action#470

chore(deps): bump @actions/http-client from 2.2.1 to 2.2.2 by @dependabot in goreleaser/goreleaser-action#473

chore(deps): bump @actions/http-client from 2.2.2 to 2.2.3 by @dependabot in goreleaser/goreleaser-action#474

chore(deps): bump micromatch from 4.0.5 to 4.0.8 by @dependabot in goreleaser/goreleaser-action#475

chore(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot in goreleaser/goreleaser-action#478

docs: bump upload-artifact version by @dunglas in goreleaser/goreleaser-action#479

chore: update generated content by @crazy-max in goreleaser/goreleaser-action#480

New Contributors

@dunglas made their first contribution in goreleaser/goreleaser-action#479

Full Changelog: goreleaser/goreleaser-action@v6.0.0...v6.1.0

Commits

9c156ee ci: update bake-action to v6 (#493)
73c477b chore(deps): bump undici from 5.28.3 to 5.28.5 (#488)
19c00a9 chore(deps): bump codecov/codecov-action from 4 to 5 (#481)
90a3faa chore(deps): bake vendor
0262998 test: fixes
450d3a4 test: fix configs
25b92ab chore(deps): update semver and tool-cache
bc0ac76 chore(deps): update actions
842e7cc feat: update for goreleaser v2.7
d28c982 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 (#482)
Additional commits viewable in compare view

Updates AButler/upload-release-assets from 2.0 to 3.0

Release notes

Sourced from AButler/upload-release-assets's releases.

Release 3.0

What's Changed

Update ci.yml by @AButler in AButler/upload-release-assets#22

adding dependabot by @Borda in AButler/upload-release-assets#24

Bump semver from 5.7.0 to 5.7.2 by @dependabot in AButler/upload-release-assets#25

Bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in AButler/upload-release-assets#26

Bump fast-glob from 3.1.0 to 3.3.2 by @dependabot in AButler/upload-release-assets#27

Upgrade node to node20 by @AButler in AButler/upload-release-assets#31

Upgrade dependencies and allow release ID to be specified explicitly by @AButler in AButler/upload-release-assets#32

New Contributors

@Borda made their first contribution in AButler/upload-release-assets#24

Full Changelog: AButler/upload-release-assets@v2.0.1...v3.0

Release 2.0.2

What's Changed

Fix wrong info displayed by @Andre601 in AButler/upload-release-assets#4

Bump node-fetch from 2.6.0 to 2.6.1 by @dependabot in AButler/upload-release-assets#8

Bump node-fetch from 2.6.1 to 2.6.7 by @dependabot in AButler/upload-release-assets#14

Bump glob-parent from 5.1.0 to 5.1.2 by @dependabot in AButler/upload-release-assets#11

Bump @actions/core from 1.0.0 to 1.2.6 by @dependabot in AButler/upload-release-assets#9

Bump @actions/core from 1.2.6 to 1.9.1 by @dependabot in AButler/upload-release-assets#15

Dependency Updates by @coreybutler in AButler/upload-release-assets#16

Run npm build by @NotMyFault in AButler/upload-release-assets#17

New Contributors

@Andre601 made their first contribution in AButler/upload-release-assets#4

@dependabot made their first contribution in AButler/upload-release-assets#8

@coreybutler made their first contribution in AButler/upload-release-assets#16

@NotMyFault made their first contribution in AButler/upload-release-assets#17

Full Changelog: AButler/upload-release-assets@v2.0...v2.0.2

Commits

3d6774f Commit node_modules for release branch
1a6b21b Merge pull request #32 from AButler/upgrade-dependencies
ef89156 Add all-my-contributors to README.md
326df14 docs: add @NotMyFault as a contributor
71be017 docs: add @Borda as a contributor
3a506db docs: add @coreybutler as a contributor
560aa24 docs: add @Andre601 as a contributor
e63838e docs: add @dependabot[bot] as a contributor
431c97d docs: add @AButler as a contributor
2987c0e Added release link
Additional commits viewable in compare view

Updates sonatype-nexus-community/nancy-github-action from 1.0.2 to 1.0.3

Commits

726e338 typo
78b1498 feat: authenticate github API calls (#12)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `3` | `5` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.5.1` | `7.0.0` | | [Zenithar/gh-gomod-generate-sbom](https://github.com/zenithar/gh-gomod-generate-sbom) | `1.0.1` | `1.0.3` | | [Apple-Actions/import-codesign-certs](https://github.com/apple-actions/import-codesign-certs) | `3` | `5` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.0.0` | `6.3.0` | | [AButler/upload-release-assets](https://github.com/abutler/upload-release-assets) | `2.0` | `3.0` | | [sonatype-nexus-community/nancy-github-action](https://github.com/sonatype-nexus-community/nancy-github-action) | `1.0.2` | `1.0.3` | Updates `actions/setup-go` from 3 to 5 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v3...v5) Updates `golangci/golangci-lint-action` from 6.5.1 to 7.0.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@4696ba8...1481404) Updates `Zenithar/gh-gomod-generate-sbom` from 1.0.1 to 1.0.3 - [Release notes](https://github.com/zenithar/gh-gomod-generate-sbom/releases) - [Commits](Zenithar/gh-gomod-generate-sbom@cd97098...2cdc82f) Updates `Apple-Actions/import-codesign-certs` from 3 to 5 - [Release notes](https://github.com/apple-actions/import-codesign-certs/releases) - [Commits](Apple-Actions/import-codesign-certs@63fff01...cfd6eb3) Updates `goreleaser/goreleaser-action` from 6.0.0 to 6.3.0 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@286f3b1...9c156ee) Updates `AButler/upload-release-assets` from 2.0 to 3.0 - [Release notes](https://github.com/abutler/upload-release-assets/releases) - [Commits](AButler/upload-release-assets@ec6d326...3d6774f) Updates `sonatype-nexus-community/nancy-github-action` from 1.0.2 to 1.0.3 - [Release notes](https://github.com/sonatype-nexus-community/nancy-github-action/releases) - [Commits](sonatype-nexus-community/nancy-github-action@aae1964...726e338) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: Zenithar/gh-gomod-generate-sbom dependency-version: 1.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: Apple-Actions/import-codesign-certs dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: goreleaser/goreleaser-action dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: AButler/upload-release-assets dependency-version: '3.0' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sonatype-nexus-community/nancy-github-action dependency-version: 1.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 21, 2025

dependabot bot requested a review from fin09pcap as a code owner April 21, 2025 23:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group with 7 updates #347

chore(deps): bump the github-actions group with 7 updates #347

dependabot bot commented on behalf of github Apr 21, 2025

chore(deps): bump the github-actions group with 7 updates #347

Are you sure you want to change the base?

chore(deps): bump the github-actions group with 7 updates #347

Conversation

dependabot bot commented on behalf of github Apr 21, 2025

v5.0.0

What's Changed

New Contributors

v4.2.1

What's Changed

v4.2.0

What's Changed

v4.1.0

What's Changed

New Contributors

v7.0.0

What's Changed

Changes

Documentation

Dependencies

New Contributors

v6.5.2

What's Changed

Changes

Dependencies

v5.0.0

What's Changed

New Contributors

v4.0.1

What's Changed

v6.3.0

v6.2.1

What's Changed

v6.2.0

What's Changed

v6.1.0

What's Changed

New Contributors

Release 3.0

What's Changed

New Contributors

Release 2.0.2

What's Changed

New Contributors