chore(deps): bump the dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the dependencies group with 5 updates in the / directory:

Package	From	To
Kesin11/actions-timeline	3.0.0	3.1.0
github/gh-aw-actions	0.65.2	0.69.3
actions/github-script	8.0.0	9.0.0
actions/create-github-app-token	3.0.0	3.1.1
azure/setup-kubectl	5.0.0	5.1.0

Updates Kesin11/actions-timeline from 3.0.0 to 3.1.0

Release notes

Sourced from Kesin11/actions-timeline's releases.

v3.1.0

v3.1.0

What's New in v3.1.0

New Feature: Expand Composite Action Steps

Two new inputs have been added to provide deeper visibility into composite actions.

expand-composite-actions

When set to true, composite action steps are expanded in the timeline, showing each internal step individually prefixed with (sub). This makes it easy to see exactly where time is being spent inside a composite action.

Note: This option requires additional API calls to fetch job logs and workflow files, which may slightly increase execution time. Nested local composite actions (uses: ./.github/actions/...) are not expanded.

- uses: Kesin11/actions-timeline@v3
  with:
    expand-composite-actions: true

expand-composite-actions-threshold

Controls the duration threshold (in seconds) for expanding composite action steps. Only steps whose total duration meets or exceeds this value will be expanded, keeping the chart readable for fast-running steps. Default is 20 seconds.

- uses: Kesin11/actions-timeline@v3
  with:
    expand-composite-actions: true
    expand-composite-actions-threshold: 10  # Expand steps that take 10s or more

Try it out

You can quickly verify the output using the CLI:

deno run -A cli.ts --token "$(gh auth token)" \
  --expand-composite-actions true \
  --expand-composite-actions-threshold=1 \
  https://github.com/Kesin11/actions-timeline/actions/runs/24601385050 \
  -o actions_timeline.md

The generated actions_timeline.md will contain a Mermaid gantt chart like this - composite action steps such as denoland/setup-deno@v1 and actions/setup-node@v6 are shown as (sub) entries alongside the parent step bar:

```mermaid
</tr></table> 

... (truncated)

Commits

• 44c9c17 Keep composite parent bars in expanded gantt output (#304)
• 8d8e0bd chore(deps): update actions/github-script action to v9 (#322)
• 8dc7454 deno task bundle
• 46a3448 chore(deps): update dependency deno to v2.7.12 (#321)
• ac04330 Always expand composite actions in run_self job for dogfooding
• 36626aa Fix gantt typing for gha-utils 0.3.0
• 061e226 Remove redundant number field in composite sub-step expansion
• d1d0f9c Improve composite sub-step gantt alignment
• 3776bba Keep composite parent bars in gantt expansion
• dd1a001 chore(deps): update dependency esbuild to v0.28.0 (#320)
• Additional commits viewable in compare view

Updates github/gh-aw-actions from 0.65.2 to 0.69.3

Release notes

Sourced from github/gh-aw-actions's releases.

v0.69.3

Sync of actions from gh-aw at v0.69.3.

v0.69.2

Sync of actions from gh-aw at v0.69.2.

v0.69.1

Sync of actions from gh-aw at v0.69.1.

v0.69.0

Sync of actions from gh-aw at v0.69.0.

v0.68.7

Sync of actions from gh-aw at v0.68.7.

v0.68.6

Sync of actions from gh-aw at v0.68.6.

v0.68.5

Sync of actions from gh-aw at v0.68.5.

v0.68.4

Sync of actions from gh-aw at v0.68.4.

v0.68.3

Sync of actions from gh-aw at v0.68.3.

v0.68.2

Sync of actions from gh-aw at v0.68.2.

v0.68.1

Sync of actions from gh-aw at v0.68.1.

v0.68.0

Sync of actions from gh-aw at v0.68.0.

v0.67.4

Sync of actions from gh-aw at v0.67.4.

v0.67.3

Sync of actions from gh-aw at v0.67.3.

v0.67.2

Sync of actions from gh-aw at v0.67.2.

v0.67.1

Sync of actions from gh-aw at v0.67.1.

v0.67.0

Sync of actions from gh-aw at v0.67.0.

... (truncated)

Commits

• 006ffd8 chore: sync actions from gh-aw@v0.69.3 (#84)
• df8ea9e chore: remove setup/js/package-lock.json from sync output (#83)
• dca90ca Enhance README with issues and feature requests link
• 8825c3e chore: sync actions from gh-aw@v0.69.1 (#82)
• 81b86c5 chore: sync actions from gh-aw@v0.69.0 (#81)
• f528028 chore: sync actions from gh-aw@v0.68.6 (#79)
• ed10714 chore: sync actions from gh-aw@v0.68.5 (#78)
• 57583df chore: sync actions from gh-aw@v0.68.4 (#77)
• abea67e chore: sync actions from gh-aw@v0.68.3 (#76)
• 2326d7e chore: sync actions from gh-aw@v0.68.2 (#75)
• Additional commits viewable in compare view

Updates actions/github-script from 8.0.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

• getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
• Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

• require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
• getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
• If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

• Add ACTIONS_ORCHESTRATION_ID to user-agent string by @​Copilot in actions/github-script#695
• ci: use deployment: false for integration test environments by @​salmanmkc in actions/github-script#712
• feat!: add getOctokit to script context, upgrade @​actions/github v9, @​octokit/core v7, and related packages by @​salmanmkc in actions/github-script#700

New Contributors

• @​Copilot made their first contribution in actions/github-script#695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits

• 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
• ca10bbd fix: use @​octokit/core/types import for v7 compatibility
• 86e48e2 merge: incorporate main branch changes
• c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
• afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
• ff8117e ci: fix user-agent test to handle orchestration ID
• 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
• 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
• c17d55b ci: add getOctokit integration test job
• a047196 test: add getOctokit integration tests via callAsyncFunction
• Additional commits viewable in compare view

Updates actions/create-github-app-token from 3.0.0 to 3.1.1

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

• improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#353) (e6bd4e6)
• update permission inputs (#358) (076e948)

Commits

• 1b10c78 build(release): 3.1.1 [skip ci]
• 07e2b76 fix: improve error message when app identifier is empty (#362)
• ea01216 ci: remove publish-immutable-action workflow (#361)
• 7bd0371 build(release): 3.1.0 [skip ci]
• e6bd4e6 feat: add client-id input and deprecate app-id (#353)
• 076e948 feat: update permission inputs (#358)
• 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
• 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
• 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
• 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
• See full diff in compare view

Updates azure/setup-kubectl from 5.0.0 to 5.1.0

Release notes

Sourced from azure/setup-kubectl's releases.

v5.1.0

Changed

• #243 Migrate to ESM with esbuild and vitest
  • Replaced @vercel/ncc with esbuild for ESM bundling
  • Replaced jest/ts-jest with vitest for testing
  • Upgraded @actions/core to ^3.0.0, @actions/exec to ^3.0.0, @actions/tool-cache to ^4.0.0
  • Updated tsconfig.json to NodeNext module resolution
• Add npm run build step to CI unit-tests workflow

Security

• #242 Bump picomatch
• #244 Bump handlebars from 4.7.8 to 4.7.9
• #247 Bump vite from 8.0.3 to 8.0.5
• #245 Bump github/codeql-action in CI workflows

Changelog

Sourced from azure/setup-kubectl's changelog.

Changelog

[5.1.0] - 2026-04-11

Changed

• #243 Migrate to ESM with esbuild and vitest
  • Replaced @vercel/ncc with esbuild for ESM bundling
  • Replaced jest/ts-jest with vitest for testing
  • Upgraded @actions/core to ^3.0.0, @actions/exec to ^3.0.0, @actions/tool-cache to ^4.0.0
  • Updated tsconfig.json to NodeNext module resolution
• Add npm run build step to CI unit-tests workflow

Security

• #242 Bump picomatch
• #244 Bump handlebars from 4.7.8 to 4.7.9
• #247 Bump vite from 8.0.3 to 8.0.5
• #245 Bump github/codeql-action in CI workflows

[5.0.0] - 2026-03-25

Changed

• #233 Update Node.js runtime from node20 to node24
• #228 Replace cdn.dl.k8s.io with dl.k8s.io
• #219 Remove download redirects, use cdn.dl.k8s.io domain
• #190 Update stableVersionUrl to dl.k8s.io
• #235 Bump undici from 6.23.0 to 6.24.1
• #226 Bump undici and @​actions/http-client
• #230 Bump minimatch

Added

• #172 Enhance version handling: auto-resolve kubectl major.minor to latest patch
• #171 Add husky precommit check

[4.0.1] - 2025-06-17

• Remove erronious 'v' prefix on previous changelog for v4.0.0 that led to "vv4.0.0" tag issue
• Dependabot fixes

[4.0.0] - 2024-01-30

Changed

• #90 Migrate to node 20 as node 16 is deprecated

Commits

• 8293235 build
• 6522dcd release: prepare v5.1.0 (#249)
• 06b670f Bump vite from 8.0.3 to 8.0.5 (#247)
• 5f8d819 Migrate to ESM with esbuild and vitest (#243)
• 08845d9 Bump github/codeql-action in /.github/workflows in the actions group (#245)
• f59556b Bump handlebars from 4.7.8 to 4.7.9 (#244)
• 50eb415 Bump picomatch (#242)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions