Skip to content

ci(deps): bump the github-actions group across 1 directory with 9 updates#283

Merged
fgogolli merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-5273c755a3
Jul 6, 2026
Merged

ci(deps): bump the github-actions group across 1 directory with 9 updates#283
fgogolli merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-5273c755a3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 9 updates in the / directory:

Package From To
actions/cache 5.0.5 6.1.0
docker/setup-buildx-action 4.1.0 4.2.0
docker/login-action 4.2.0 4.4.0
actions/setup-python 6.2.0 6.3.0
actions/setup-go 6.4.0 6.5.0
trufflesecurity/trufflehog 3.95.6 3.95.8
astral-sh/setup-uv 8.2.0 8.3.0
python-semantic-release/python-semantic-release 10.5.3 10.6.0
python-semantic-release/publish-action 10.5.3 10.6.0

Updates actions/cache from 5.0.5 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/login-action from 4.2.0 to 4.4.0

Release notes

Sourced from docker/login-action's releases.

v4.4.0

Full Changelog: docker/login-action@v4.3.0...v4.4.0

v4.3.0

Full Changelog: docker/login-action@v4.2.0...v4.3.0

Commits
  • af1e73f Merge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...
  • da722bd [dependabot skip] chore: update generated content
  • 2916ad6 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • ca0a662 Merge pull request #1035 from crazy-max/fix-registry-auth-empty-mask
  • c455755 chore: update generated content
  • 4835190 skip empty registry-auth secret mask
  • 992421c Merge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...
  • b249b43 Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...
  • 1b67977 build(deps): bump docker/bake-action from 7.2.0 to 7.3.0
  • 9d49d6a build(deps): bump docker/bake-action/subaction/matrix
  • Additional commits viewable in compare view

Updates actions/setup-python from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-python's releases.

v6.3.0

What's Changed

Enhancement

Dependency update

Documentation

New Contributors

Full Changelog: actions/setup-python@v6...v6.3.0

Commits

Updates actions/setup-go from 6.4.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

Commits

Updates trufflesecurity/trufflehog from 3.95.6 to 3.95.8

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.8

What's Changed

Full Changelog: trufflesecurity/trufflehog@v3.95.7...v3.95.8

v3.95.7

What's Changed

New Contributors

Full Changelog: trufflesecurity/trufflehog@v3.95.6...v3.95.7

Commits
  • 00155c9 Include encoded resume info instead of clobbering it (#5110)
  • 4d3a66f fixed syntax error (#5109)
  • 797f02b [INS-334] Octopus Deploy detector (#4787)
  • 7f04a89 [INS-465] Skip unverified JWT Detector results when feature flag is enabled (...
  • 459d5a7 Add prometheus metrics for engine channels and workers (#5095)
  • f38f8f7 fix(azuresastoken): match SAS tokens regardless of parameter order (#5043)
  • 6261f5c removed "unauthorized" as exception for rotated graphana secrets (#5068)
  • f446421 [INS-407] Fixed AWS detector producing non deterministic output (#4836)
  • 885fa2d [INS-197] Add redhatpyxis api key detector (#4995)
  • c09d726 [INS-497] Add Pganalyze Read Key Detector (#4993)
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 8.2.0 to 8.3.0

Commits
  • d31148d Strip environment markers from detected uv dependency pins (#938)
  • 17c3989 Fix cache keys for Python version ranges (#937)
  • 3cc3c11 chore(deps): roll up Dependabot updates (#936)
  • 9225f84 chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)
  • fc16fa3 chore(deps): bump actions/checkout from 6.0.2 to 7.0.0 (#926)
  • a1a7345 ci: call docs update workflow from release (#933)
  • a5e9cbf docs: update version references to v8.2.0 (#932)
  • c5680ec chore: update known checksums for 0.11.26 (#930)
  • c86fe4e Add a threat model for setup-uv (#923)
  • 224c887 chore: update known checksums for 0.11.25 (#929)
  • Additional commits viewable in compare view

Updates python-semantic-release/python-semantic-release from 10.5.3 to 10.6.0

Release notes

Sourced from python-semantic-release/python-semantic-release's releases.

v10.6.0 (2026-07-04)

This release is published under the MIT License.

✨ Features

  • cmd-version: Add file replacement variant for version_variables (PR#1391, 95ce7ec)

  • parser-emoji: Adds more non-release triggering emojis to the default emoji parser (PR#1410, 2833aa9)

🪲 Bug Fixes

  • cmd-config-generate: Fix config output for Microsoft Windows UTF-8 encoding (PR#1400, 0343194)

  • cmd-publish: Fix handling of asset uploading errors on publish (PR#1397, 81a0f98)

  • github: Fix bubble up errors of asset uploads for GitHub (PR#1397, 81a0f98)

  • hvcs: Mask git credential URL in very verbose debug logs (PR#1445, 811afb0)

📖 Documentation

  • cmd-config-generate: Add Windows PowerShell specific generate-config usage example (PR#1400, 0343194)

  • configuration: Modify version_variables definition to include new file replacement (PR#1391, 95ce7ec)

  • examples: Update references to github actions for hash references (PR#1449, 873da58)

  • package: Change package changelog link to doc website (PR#1434, 05f897f)

✅ Resolved Issues

  • #702: semantic-release generate-config --pyproject produces unreadable toml on Windows

  • #1375: Allow updates to version file containing only a version

  • #1395: [bug] Silently ignores auth error on GitHub publish

  • #1426: Git credentials are logged with very verbose (-vv) logging


Detailed Changes: v10.5.3...v10.6.0


Installable artifacts are available from:

... (truncated)

Changelog

Sourced from python-semantic-release/python-semantic-release's changelog.

.. _changelog:

========= CHANGELOG

.. _changelog-v10.6.0:

v10.6.0 (2026-07-04)

✨ Features

  • cmd-version: Add file replacement variant for version_variables, closes [#1375](https://github.com/python-semantic-release/python-semantic-release/issues/1375)_ (PR#1391, 95ce7ec)

  • parser-emoji: Adds more non-release triggering emojis to the default emoji parser (PR#1410, 2833aa9)

🪲 Bug Fixes

  • cmd-config-generate: Fix config output for Microsoft Windows UTF-8 encoding, closes [#702](https://github.com/python-semantic-release/python-semantic-release/issues/702)_ (PR#1400, 0343194)

  • cmd-publish: Fix handling of asset uploading errors on publish, closes [#1395](https://github.com/python-semantic-release/python-semantic-release/issues/1395)_ (PR#1397, 81a0f98)

  • github: Fix bubble up errors of asset uploads for GitHub (PR#1397, 81a0f98)

  • hvcs: Mask git credential URL in very verbose debug logs, closes [#1426](https://github.com/python-semantic-release/python-semantic-release/issues/1426)_ (PR#1445, 811afb0)

📖 Documentation

  • cmd-config-generate: Add Windows PowerShell specific generate-config usage example (PR#1400, 0343194)

  • configuration: Modify version_variables definition to include new file replacement (PR#1391, 95ce7ec)

  • examples: Update references to github actions for hash references (PR#1449, 873da58)

  • package: Change package changelog link to doc website (PR#1434, 05f897f)

.. _#1375: python-semantic-release/python-semantic-release#1375 .. _#1395: python-semantic-release/python-semantic-release#1395 .. _#1426: python-semantic-release/python-semantic-release#1426

... (truncated)

Commits
  • 37a30a7 chore: release v10.6.0
  • 811afb0 fix(hvcs): mask git credential URL in very verbose debug logs (#1445)
  • 05f897f docs(package): change package changelog link to doc website (#1434)
  • 873da58 docs(examples): update references to github actions for hash references (#1449)
  • 6f1c12f ci(deps): bump pypa/gh-action-pypi-publish@v1.13.0 to v1.14.0
  • 33fa72b ci(deps): bump mikepenz/action-junit-report@v6.0.1 to v6.4.2
  • db240e1 ci(deps): bump tj-actions/changed-files@v47.0.1 to v47.0.6
  • cee77b9 ci(deps): bump docker/build-push-action@v6.18.0 to v7.3.0
  • bfacbd5 ci(deps): bump actions/upload-artifact@v6.0.0 to v7.0.1
  • a432ae8 ci(deps): bump actions/download-artifact@v7.0.0 to v8.0.1
  • Additional commits viewable in compare view

Updates python-semantic-release/publish-action from 10.5.3 to 10.6.0

Release notes

Sourced from python-semantic-release/publish-action's releases.

v10.6.0 (2026-07-04)

Build System

  • deps: Bump python-semantic-release from v10.5.3 to v10.6.0 (#101, 4f3c5d7)

Detailed Changes: v10.5.3...v10.6.0

Commits
  • 4f3c5d7 build(deps): bump python-semantic-release from v10.5.3 to v10.6.0 (#101)
  • 87d3b53 ci(deps): bump python-semantic-release@v10.5.3 action to v10.6.0 (#102)
  • 40d803c ci(deps): bump tj-actions/changed-files@v47.0.1 to v47.0.6 (#102)
  • d3cd1c6 ci(deps): bump docker/build-push-action@v6.18.0 to v7.3.0 (#102)
  • 6a89ec3 ci(deps): bump actions/checkout@v6.0.1 to v7.0.0 (#102)
  • 0907ba0 ci(deps): bump actions/stale@v10.1.1 to v10.3.0 (#102)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…ates

Bumps the github-actions group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` |
| [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.4.0` | `6.5.0` |
| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.95.6` | `3.95.8` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `8.2.0` | `8.3.0` |
| [python-semantic-release/python-semantic-release](https://github.com/python-semantic-release/python-semantic-release) | `10.5.3` | `10.6.0` |
| [python-semantic-release/publish-action](https://github.com/python-semantic-release/publish-action) | `10.5.3` | `10.6.0` |



Updates `actions/cache` from 5.0.5 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@d7f5e7f...bb05f3f)

Updates `docker/login-action` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@650006c...af1e73f)

Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

Updates `actions/setup-go` from 6.4.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4a36011...924ae3a)

Updates `trufflesecurity/trufflehog` from 3.95.6 to 3.95.8
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@30d5bb9...00155c9)

Updates `astral-sh/setup-uv` from 8.2.0 to 8.3.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@fac544c...d31148d)

Updates `python-semantic-release/python-semantic-release` from 10.5.3 to 10.6.0
- [Release notes](https://github.com/python-semantic-release/python-semantic-release/releases)
- [Changelog](https://github.com/python-semantic-release/python-semantic-release/blob/master/CHANGELOG.rst)
- [Commits](python-semantic-release/python-semantic-release@350c48f...37a30a7)

Updates `python-semantic-release/publish-action` from 10.5.3 to 10.6.0
- [Release notes](https://github.com/python-semantic-release/publish-action/releases)
- [Changelog](https://github.com/python-semantic-release/publish-action/blob/main/releaserc.toml)
- [Commits](python-semantic-release/publish-action@310a998...4f3c5d7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: trufflesecurity/trufflehog
  dependency-version: 3.95.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: python-semantic-release/python-semantic-release
  dependency-version: 10.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: python-semantic-release/publish-action
  dependency-version: 10.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code labels Jul 5, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 5, 2026 10:10
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code labels Jul 5, 2026
@fgogolli fgogolli merged commit 3f12e18 into main Jul 6, 2026
34 checks passed
@fgogolli fgogolli deleted the dependabot/github_actions/github-actions-5273c755a3 branch July 6, 2026 08:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github-actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant