Skip to content

🌱 Bump the github-actions group with 4 updates#957

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/main/github-actions-a37f586b58
Open

🌱 Bump the github-actions group with 4 updates#957
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/main/github-actions-a37f586b58

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps the github-actions group with 4 updates: actions/setup-go, tj-actions/changed-files, softprops/action-gh-release and zizmorcore/zizmor-action.

Updates actions/setup-go from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

Full Changelog: actions/setup-go@v6...v6.4.0

Commits

Updates tj-actions/changed-files from 47.0.4 to 47.0.5

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.5

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.4...v47.0.5

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.5 - (2026-03-03)

🔄 Update

  • Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (35dace0) - (github-actions[bot])

  • Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

  • deps-dev: Bump @​types/node from 25.3.2 to 25.3.3 (#2814) (22103cc) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.32.4 to 4.32.5 (#2815) (6c02e90) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764) (05f9457) - (dependabot[bot])
  • deps: Bump lodash and @​types/lodash (#2807) (52ed872) - (dependabot[bot])
  • deps: Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774) (1cc5746) - (dependabot[bot])
  • deps-dev: Bump prettier from 3.7.4 to 3.8.1 (#2775) (de2962f) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.32.2 to 4.32.4 (#2806) (37e96cc) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799) (2180b0f) - (dependabot[bot])
  • deps: Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809) (cf021c1) - (dependabot[bot])
  • deps: Bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810) (b54ac6f) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.2.2 to 25.3.2 (#2811) (0f2a510) - (dependabot[bot])

⬆️ Upgrades

  • Upgraded to v47.0.4 (#2802)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (b7ac303) - (github-actions[bot])

47.0.4 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.6 (#2801) (7dee1b0) - (Tonye Jack)

47.0.3 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.0 (#2800) (28b28f6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump github/codeql-action from 4.31.10 to 4.32.2 (#2790) (875e6e5) - (dependabot[bot])

... (truncated)

Commits
  • 22103cc chore(deps-dev): bump @​types/node from 25.3.2 to 25.3.3 (#2814)
  • 6c02e90 chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#2815)
  • 05f9457 chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764)
  • 52ed872 chore(deps): bump lodash and @​types/lodash (#2807)
  • 1cc5746 chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774)
  • de2962f chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 (#2775)
  • 37e96cc chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (#2806)
  • 2180b0f chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799)
  • cf021c1 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809)
  • b54ac6f chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810)
  • Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.5.0 to 2.6.1

Release notes

Sourced from softprops/action-gh-release's releases.

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

v2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

2.5.3

2.5.3 is a patch release focused on the remaining path-handling and release-selection bugs uncovered after 2.5.2. It fixes [#639](https://github.com/softprops/action-gh-release/issues/639), [#571](https://github.com/softprops/action-gh-release/issues/571), [#280](https://github.com/softprops/action-gh-release/issues/280), [#614](https://github.com/softprops/action-gh-release/issues/614), [#311](https://github.com/softprops/action-gh-release/issues/311), [#403](https://github.com/softprops/action-gh-release/issues/403), and [#368](https://github.com/softprops/action-gh-release/issues/368). It also adds documentation clarifications for [#541](https://github.com/softprops/action-gh-release/issues/541), [#645](https://github.com/softprops/action-gh-release/issues/645), [#542](https://github.com/softprops/action-gh-release/issues/542), [#393](https://github.com/softprops/action-gh-release/issues/393), and [#411](https://github.com/softprops/action-gh-release/issues/411), where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

... (truncated)

Commits

Updates zizmorcore/zizmor-action from 0.5.0 to 0.5.2

Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.2

What's Changed

  • zizmor 1.23.1 is now the default used by this action.

Full Changelog: zizmorcore/zizmor-action@v0.5.1...v0.5.2

v0.5.1

What's Changed

  • zizmor 1.23.0 is now the default used by this action.

Full Changelog: zizmorcore/zizmor-action@v0.5.0...v0.5.1

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
🌱 Bump the github-actions group with 4 updates
4d891d2 
Bumps the github-actions group with 4 updates: [actions/setup-go](https://github.com/actions/setup-go), [tj-actions/changed-files](https://github.com/tj-actions/changed-files), [softprops/action-gh-release](https://github.com/softprops/action-gh-release) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action).


Updates `actions/setup-go` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4b73464...4a36011)

Updates `tj-actions/changed-files` from 47.0.4 to 47.0.5
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@7dee1b0...22103cc)

Updates `softprops/action-gh-release` from 2.5.0 to 2.6.1
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@a06a81a...153bb8e)

Updates `zizmorcore/zizmor-action` from 0.5.0 to 0.5.2
- [Release notes](https://github.com/zizmorcore/zizmor-action/releases)
- [Commits](zizmorcore/zizmor-action@0dce257...71321a2)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: tj-actions/changed-files
  dependency-version: 47.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: zizmorcore/zizmor-action
  dependency-version: 0.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Apr 1, 2026
@metal3-io-bot
Copy link
Copy Markdown
Contributor

metal3-io-bot commented Apr 1, 2026

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a metal3-io member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@metal3-io-bot metal3-io-bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Apr 1, 2026
@tuminoid
Copy link
Copy Markdown
Member

tuminoid commented Apr 1, 2026

/hold
Need to get rid of the superfluous release action first. I'll do that next week, and then rebase this.

@metal3-io-bot metal3-io-bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 1, 2026
Rozzii
Rozzii reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Rozzii Rozzii left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just to not forget it after it is re-based.
/approve

@metal3-io-bot
Copy link
Copy Markdown
Contributor

metal3-io-bot commented Apr 1, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Rozzii

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@metal3-io-bot metal3-io-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 1, 2026
@Rozzii Rozzii moved this to Ironic-image WIP in Metal3 - Roadmap Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Rozzii Rozzii Rozzii left review comments

@dtantsur dtantsur Awaiting requested review from dtantsur

@tuminoid tuminoid Awaiting requested review from tuminoid

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

Metal3 - Roadmap
Status: Ironic-image WIP

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@metal3-io-bot @tuminoid @Rozzii