build(deps): bump the ci group across 1 directory with 14 updates #5668

dependabot · 2026-01-01T00:05:17Z

Bumps the ci group with 14 updates in the / directory:

Package	From	To
actions/checkout	`5.0.0`	`6.0.1`
fluxcd/gha-workflows/.github/workflows/backport.yaml	`0.4.0`	`0.5.0`
actions/setup-go	`6.0.0`	`6.1.0`
helm/kind-action	`1.12.0`	`1.13.0`
fluxcd/pkg	`1.22.0`	`1.24.0`
docker/setup-qemu-action	`3.6.0`	`3.7.0`
docker/setup-buildx-action	`3.11.1`	`3.12.0`
actions/upload-artifact	`4.6.2`	`6.0.0`
github/codeql-action	`3.30.5`	`4.31.9`
anchore/sbom-action	`0.20.6`	`0.21.0`
sigstore/cosign-installer	`3.10.0`	`4.0.0`
fluxcd/gha-workflows/.github/workflows/code-scan.yaml	`0.4.0`	`0.5.0`
fluxcd/gha-workflows/.github/workflows/labels-sync.yaml	`0.4.0`	`0.5.0`
peter-evans/create-pull-request	`7.0.8`	`8.0.0`

Updates actions/checkout from 5.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

... (truncated)

Commits

8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
See full diff in compare view

Updates fluxcd/gha-workflows/.github/workflows/backport.yaml from 0.4.0 to 0.5.0

Release notes

Sourced from fluxcd/gha-workflows/.github/workflows/backport.yaml's releases.

v0.5.0

What's Changed

Pin cosign to v2.6.1 by @matheuscscp in fluxcd/gha-workflows#15

Bump the actions group across 1 directory with 10 updates by @dependabot[bot] in fluxcd/gha-workflows#19

Full Changelog: fluxcd/gha-workflows@v0.4.0...v0.5.0

Commits

d76bcc3 Merge pull request #19 from fluxcd/dependabot/github_actions/actions-d2a61c8563
ddaea4b Bump the actions group across 1 directory with 10 updates
0ef1fa4 Merge pull request #15 from fluxcd/pin-cosign-v2.6.1
bfc7649 Pin cosign to v2.6.1
See full diff in compare view

Updates actions/setup-go from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-go's releases.

v6.1.0

What's Changed

Enhancements

Fall back to downloading from go.dev/dl instead of storage.googleapis.com/golang by @nicholasngai in actions/setup-go#665

Add support for .tool-versions file and update workflow by @priya-kinthali in actions/setup-go#673

Add comprehensive breaking changes documentation for v6 by @mahabaleshwars in actions/setup-go#674

Dependency updates

Upgrade eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking changes in v6 by @dependabot in actions/setup-go#617

Upgrade actions/publish-action from 0.3.0 to 0.4.0 by @dependabot in actions/setup-go#641

Upgrade semver and @types/semver by @dependabot in actions/setup-go#652

New Contributors

@nicholasngai made their first contribution in actions/setup-go#665

@priya-kinthali made their first contribution in actions/setup-go#673

@mahabaleshwars made their first contribution in actions/setup-go#674

Full Changelog: actions/setup-go@v6...v6.1.0

Commits

4dc6199 Bump semver and @types/semver (#652)
f3787be Add comprehensive breaking changes documentation for v6 (#674)
3a0c2c8 Bump actions/publish-action from 0.3.0 to 0.4.0 (#641)
faf5242 Add support for .tool-versions file in setup-go, update workflow (#673)
7bc60db Fall back to downloading from go.dev/dl instead of storage.googleapis.com/gol...
c0137ca Bump eslint-config-prettier from 10.0.1 to 10.1.8 and document breaking chang...
See full diff in compare view

Updates helm/kind-action from 1.12.0 to 1.13.0

Release notes

Sourced from helm/kind-action's releases.

v1.13.0

What's Changed

chore: verify sha256sum of kubectl by @felix-kaestner in helm/kind-action#134

Load GITHUB_PATH in PATH to use correct binaries when creating registry by @gotha in helm/kind-action#133

feat: Add cloud provider by @waltermity in helm/kind-action#135

chore: bump kind to v0.29.0 by @pmalek in helm/kind-action#144

Bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in helm/kind-action#145

bug: respect 'install_only' action input value by @mszostok in helm/kind-action#147

bump kind and kubectl and also nodejs by @cpanato in helm/kind-action#150

New Contributors

@felix-kaestner made their first contribution in helm/kind-action#134

@gotha made their first contribution in helm/kind-action#133

@waltermity made their first contribution in helm/kind-action#135

@pmalek made their first contribution in helm/kind-action#144

@mszostok made their first contribution in helm/kind-action#147

Full Changelog: helm/kind-action@v1...v1.13.0

Commits

92086f6 bump kind and kubectl and also nodejs (#150)
7cd7463 bug: respect 'install_only' action input value (#147)
50ea670 Bump actions/checkout from 4.2.2 to 5.0.0 (#145)
b72c923 chore: bump kind to v0.29.0 (#144)
d4887be Add cloud provider (#135)
d730aaf Load GITHUB_PATH in PATH to use correct binaries when creating registry (#133)
a6dfd81 chore: verify sha256sum of kubectl (#134)
See full diff in compare view

Updates fluxcd/pkg from 1.22.0 to 1.24.0

Commits

62ddfc1 Merge pull request #1049 from fluxcd/upgrade-deps
e0b1bb5 Prepare for release
821b3c3 Upgrade k8s to 1.34.2, c-r to 0.22.4 and helm to 3.19.2
0fe2a7c Merge pull request #1047 from fluxcd/helm-3.19.1
495d699 Upgrade Helm to 3.19.1
7301068 Merge pull request #1041 from fluxcd/fix-sc-1915
c2d48e9 Prepare for release
7666900 Revert "runtime/secrets: validate proxy URL scheme and length"
413a95f Merge pull request #1039 from fluxcd/dependabot/github_actions/ci-05a7a237d9
246714f build(deps): bump the ci group with 3 updates
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.6.0 to 3.7.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.7.0

Bump @docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218

Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221

Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

Commits

c7c5346 Merge pull request #230 from docker/dependabot/npm_and_yarn/docker/actions-to...
3a517a1 chore: update generated content
a5b45ed build(deps): bump @docker/actions-toolkit from 0.62.1 to 0.67.0
3a64278 Merge pull request #220 from docker/dependabot/npm_and_yarn/brace-expansion-1...
94906ba chore: update generated content
4027abf build(deps): bump brace-expansion from 1.1.11 to 1.1.12
bee0aaa Merge pull request #221 from docker/dependabot/npm_and_yarn/tmp-0.2.4
0d7e257 chore: update generated content
b869601 build(deps): bump tmp from 0.2.3 to 0.2.4
3a043ed Merge pull request #219 from docker/dependabot/npm_and_yarn/undici-5.29.0
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.11.1 to 3.12.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

Deprecate install input by @crazy-max in docker/setup-buildx-action#455

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432

Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits

8d2750c Merge pull request #455 from crazy-max/install-deprecated
e81846b deprecate install input
65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
000d75d build(deps): bump actions/checkout from 5 to 6
1583c0f Merge pull request #443 from nicolasleger/patch-1
ed158e7 doc: bump actions/checkout from 4 to 5
4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
4dfc3d6 build(deps): bump actions/checkout from 4 to 5
af1b253 Merge pull request #440 from crazy-max/k3s-build
3c6ab92 ci: k3s test with latest buildx
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Upload Artifact Node 24 support by @salmanmkc in actions/upload-artifact#719

fix: update @actions/artifact for Node.js 24 punycode deprecation by @salmanmkc in actions/upload-artifact#744

prepare release v6.0.0 for Node.js 24 support by @salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

New Contributors

@GhadimiR made their first contribution in actions/upload-artifact#681

@nebuk89 made their first contribution in actions/upload-artifact#712

@danwkennedy made their first contribution in actions/upload-artifact#727

@patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits

b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
e516bc8 docs: correct description of Node.js 24 support in README
ddc45ed docs: update README to correct action name for Node.js 24 support
615b319 chore: release v6.0.0 for Node.js 24 support
017748b Merge pull request #744 from actions/fix-storage-blob
38d4c79 chore: rebuild dist
7d27270 chore: add missing license cache files for @actions/core, @actions/io, and mi...
5f643d3 chore: update license files for @actions/artifact@5.0.1 dependencies
1df1684 chore: update package-lock.json with @actions/artifact@5.0.1
b5b1a91 fix: update @actions/artifact to ^5.0.0 for Node.js 24 punycode fix
Additional commits viewable in compare view

Updates github/codeql-action from 3.30.5 to 4.31.9

Release notes

Sourced from github/codeql-action's releases.

v4.31.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.9 - 16 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

See the full CHANGELOG.md for more information.

v4.31.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

See the full CHANGELOG.md for more information.

v4.31.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.6 - 01 Dec 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.5 - 24 Nov 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.

Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

Bump minimum CodeQL bundle version to 2.17.6. #3223

When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

... (truncated)

Commits

5d4e8d1 Merge pull request #3371 from github/update-v4.31.9-998798e34
1dc115f Update changelog for v4.31.9
998798e Merge pull request #3352 from github/nickrolfe/jar-min-ff-cleanup
5eb7519 Merge pull request #3358 from github/henrymercer/database-upload-telemetry
d29eddb Extract version number to constant
e962687 Merge branch 'main' into henrymercer/database-upload-telemetry
19c7f96 Rename isOverlayBase
ae5de9a Use getErrorMessage in log too
0cb8633 Prefer performance.now()
c07cc0d Merge pull request #3351 from github/henrymercer/ghec-dr-determine-tools-vers...
Additional commits viewable in compare view

Updates anchore/sbom-action from 0.20.6 to 0.21.0

Release notes

Sourced from anchore/sbom-action's releases.

v0.21.0

chore(deps): update Syft to v1.39.0 (#561)

chore(deps): bump @octokit/request-error, @octokit/core and @octokit/webhooks (#560)

chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#558)

v0.20.11

Changes in v0.20.11

update Syft to v1.38.2 (anchore/sbom-action#557)

bump @octokit/plugin-paginate-rest, @actions/artifact and @actions/github (#550) [[dependabot[bot]](https://github.com/[dependabot[bot]](https://github.com/apps/dependabot))]

bump js-yaml (#552) [[dependabot[bot]](https://github.com/[dependabot[bot]](https://github.com/apps/dependabot))]

v0.20.10

Changes in v0.20.10

chore(deps): update Syft to v1.38.0 (#548) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.9

Changes in v0.20.9

chore(deps): update Syft to v1.36.0 (#546) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.8

Changes in v0.20.8

chore(deps): update Syft to v1.34.2 (#545) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.7

Changes in v0.20.7

chore(deps): update Syft to v1.34.1 (#544)

Commits

a930d0a chore(deps): update Syft to v1.39.0 (#561)
e4b2532 chore(deps): bump @octokit/request-error, @octokit/core and @octokit/webhooks...
481b254 chore(deps): bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#558)
43a17d6 chore(deps): update Syft to v1.38.2 (#557)
4df6110 chore(deps): bump @octokit/plugin-paginate-rest, @actions/artifact and @actio...
2df107d chore(deps): bump js-yaml (#552)
ef53eb7 chore(deps): bump actions/checkout from 5.0.0 to 6.0.1 (#555)
5758fe4 chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 (#556)
fbfd9c6 chore(deps): update Syft to v1.38.0 (#548)
8e94d75 chore(deps): update Syft to v1.36.0 (#546)
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.10.0 to 4.0.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

Bump default Cosign to v2.6.1 (#203)

Commits

faadad0 add support for cosign v3 releases (#201)
See full diff in compare view

Updates fluxcd/gha-workflows/.github/workflows/code-scan.yaml from 0.4.0 to 0.5.0

Release notes

Sourced from fluxcd/gha-workflows/.github/workflows/code-scan.yaml's releases.

v0.5.0

What's Changed

Pin cosign to v2.6.1 by @matheuscscp in fluxcd/gha-workflows#15

Bump the actions group across 1 directory with 10 updates by @dependabot[bot] in fluxcd/gha-workflows#19

Full Changelog: fluxcd/gha-workflows@v0.4.0...v0.5.0

Commits

d76bcc3 Merge pull request #19 from fluxcd/dependabot/github_actions/actions-d2a61c8563
ddaea4b Bump the actions group across 1 directory with 10 updates
0ef1fa4 Merge pull request #15 from fluxcd/pin-cosign-v2.6.1
bfc7649 Pin cosign to v2.6.1
See full diff in compare view

Updates fluxcd/gha-workflows/.github/workflows/labels-sync.yaml from 0.4.0 to 0.5.0

Release notes

Sourced from fluxcd/gha-workflows/.github/workflows/labels-sync.yaml's releases.

v0.5.0

What's Changed

Pin cosign to v2.6.1 by @matheuscscp in fluxcd/gha-workflows#15

Bump the actions group across 1 directory with 10 updates by @dependabot[bot] in fluxcd/gha-workflows#19

Full Changelog: fluxcd/gha-workflows@v0.4.0...v0.5.0

Commits

d76bcc3 Merge pull request #19 from fluxcd/dependabot/github_actions/actions-d2a61c8563
ddaea4b Bump the actions group across 1 directory with 10 updates
0ef1fa4 Merge pull request #15 from fluxcd/pin-cosign-v2.6.1
bfc7649 Pin cosign to v2.6.1
See full diff in compare view

Updates peter-evans/create-pull-request from 7.0.8 to 8.0.0

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.0.0

What's new in v8

Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

chore: Update checkout action version to v6 by @yonas in peter-evans/create-pull-request#4258

Update actions/checkout references to @v6 in docs by @Copilot in peter-evans/create-pull-request#4259

feat: v8 by @peter-evans in peter-evans/create-pull-request#4260

New Contributors

@yonas made their first contribution in peter-evans/create-pull-request#4258

@Copilot made their first contribution in peter-evans/create-pull-request#4259

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0

Create Pull Request v7.0.11

What's Changed

fix: restrict remote prune to self-hosted runners by @peter-evans in peter-evans/create-pull-request#4250

Full Changelog: peter-evans/create-pull-request@v7.0.10...v7.0.11

Create Pull Request v7.0.10

⚙️ Fixes an issue where updating a pull request failed when targeting a forked repository with the same owner as its parent.

What's Changed

build(deps): bump the github-actions group with 2 updates by @dependabot[bot] in peter-evans/create-pull-request#4235

build(deps-dev): bump prettier from 3.6.2 to 3.7.3 in the npm group by @dependabot[bot] in peter-evans/create-pull-request#4240

fix: provider list pulls fallback for multi fork same owner by @peter-evans in peter-evans/create-pull-request#4245

New Contributors

@obnyis made their first contribution in peter-evans/create-pull-request#4064

Full Changelog: peter-evans/create-pull-request@v7.0.9...v7.0.10

Create Pull Request v7.0.9

⚙️ Fixes an incompatibility with the recently released ...
Description has been truncated

Bumps the ci group with 14 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.1` | | [fluxcd/gha-workflows/.github/workflows/backport.yaml](https://github.com/fluxcd/gha-workflows) | `0.4.0` | `0.5.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.0.0` | `6.1.0` | | [helm/kind-action](https://github.com/helm/kind-action) | `1.12.0` | `1.13.0` | | [fluxcd/pkg](https://github.com/fluxcd/pkg) | `1.22.0` | `1.24.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.6.0` | `3.7.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.11.1` | `3.12.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `6.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.30.5` | `4.31.9` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.6` | `0.21.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.10.0` | `4.0.0` | | [fluxcd/gha-workflows/.github/workflows/code-scan.yaml](https://github.com/fluxcd/gha-workflows) | `0.4.0` | `0.5.0` | | [fluxcd/gha-workflows/.github/workflows/labels-sync.yaml](https://github.com/fluxcd/gha-workflows) | `0.4.0` | `0.5.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.8` | `8.0.0` | Updates `actions/checkout` from 5.0.0 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@08c6903...8e8c483) Updates `fluxcd/gha-workflows/.github/workflows/backport.yaml` from 0.4.0 to 0.5.0 - [Release notes](https://github.com/fluxcd/gha-workflows/releases) - [Commits](fluxcd/gha-workflows@v0.4.0...v0.5.0) Updates `actions/setup-go` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@4469467...4dc6199) Updates `helm/kind-action` from 1.12.0 to 1.13.0 - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](helm/kind-action@a1b0e39...92086f6) Updates `fluxcd/pkg` from 1.22.0 to 1.24.0 - [Commits](fluxcd/pkg@bf02f0a...62ddfc1) Updates `docker/setup-qemu-action` from 3.6.0 to 3.7.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@2910929...c7c5346) Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@e468171...8d2750c) Updates `actions/upload-artifact` from 4.6.2 to 6.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...b7c566a) Updates `github/codeql-action` from 3.30.5 to 4.31.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3599b3b...5d4e8d1) Updates `anchore/sbom-action` from 0.20.6 to 0.21.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@f8bdd1d...a930d0a) Updates `sigstore/cosign-installer` from 3.10.0 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@d7543c9...faadad0) Updates `fluxcd/gha-workflows/.github/workflows/code-scan.yaml` from 0.4.0 to 0.5.0 - [Release notes](https://github.com/fluxcd/gha-workflows/releases) - [Commits](fluxcd/gha-workflows@v0.4.0...v0.5.0) Updates `fluxcd/gha-workflows/.github/workflows/labels-sync.yaml` from 0.4.0 to 0.5.0 - [Release notes](https://github.com/fluxcd/gha-workflows/releases) - [Commits](fluxcd/gha-workflows@v0.4.0...v0.5.0) Updates `peter-evans/create-pull-request` from 7.0.8 to 8.0.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@271a8d0...98357b1) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: fluxcd/gha-workflows/.github/workflows/backport.yaml dependency-version: 0.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: actions/setup-go dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: helm/kind-action dependency-version: 1.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: fluxcd/pkg dependency-version: 1.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/setup-qemu-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: actions/upload-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: anchore/sbom-action dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci - dependency-name: fluxcd/gha-workflows/.github/workflows/code-scan.yaml dependency-version: 0.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: fluxcd/gha-workflows/.github/workflows/labels-sync.yaml dependency-version: 0.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci - dependency-name: peter-evans/create-pull-request dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added area/ci CI related issues and pull requests dependencies Pull requests that update a dependency labels Jan 1, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

build(deps): bump the ci group across 1 directory with 14 updates #5668

build(deps): bump the ci group across 1 directory with 14 updates #5668

Uh oh!

dependabot bot commented on behalf of github Jan 1, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

build(deps): bump the ci group across 1 directory with 14 updates #5668

Are you sure you want to change the base?

build(deps): bump the ci group across 1 directory with 14 updates #5668

Uh oh!

Conversation

dependabot bot commented on behalf of github Jan 1, 2026

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v0.5.0

What's Changed

v6.1.0

What's Changed

Enhancements

Dependency updates

New Contributors

v1.13.0

What's Changed

New Contributors

v3.7.0

v3.12.0

v6.0.0

v6 - What's new

Node.js 24

What's Changed

v5.0.0

What's Changed

New Contributors

v4.31.9

CodeQL Action Changelog

4.31.9 - 16 Dec 2025

v4.31.8

CodeQL Action Changelog

4.31.8 - 11 Dec 2025

v4.31.7

CodeQL Action Changelog

4.31.7 - 05 Dec 2025

v4.31.6

CodeQL Action Changelog

4.31.6 - 01 Dec 2025

v4.31.5

CodeQL Action Changelog

4.31.5 - 24 Nov 2025

CodeQL Action Changelog

[UNRELEASED]

4.31.9 - 16 Dec 2025

4.31.8 - 11 Dec 2025

4.31.7 - 05 Dec 2025

4.31.6 - 01 Dec 2025

4.31.5 - 24 Nov 2025

4.31.4 - 18 Nov 2025

4.31.3 - 13 Nov 2025

4.31.2 - 30 Oct 2025

4.31.1 - 30 Oct 2025

4.31.0 - 24 Oct 2025

v0.21.0

v0.20.11

Changes in v0.20.11

v0.20.10

Changes in v0.20.10

v0.20.9

Changes in v0.20.9

v0.20.8