Skip to content

build(deps): bump the github-actions group across 1 directory with 12 updates #56566

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump the github-actions group across 1 directory with 12 updates #56566

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 21, 2025

Bumps the github-actions group with 12 updates in the / directory:

Package From To
actions/checkout 5.0.0 6.0.0
shivammathur/setup-php 2.35.4 2.35.5
actions/github-script 7.0.1 8.0.0
github/codeql-action 3.29.7 4.31.4
peter-evans/create-or-update-comment 4.0.0 5.0.0
actions/setup-node 5.0.0 6.0.0
cypress-io/github-action 6.10.2 6.10.4
actions/upload-artifact 4.6.2 5.0.0
codecov/codecov-action 5.5.0 5.5.1
LizardByte/actions 2025.814.40518 2025.1028.23217
fsfe/reuse-action 5.0.0 6.0.0
actions/stale 10.0.0 10.1.0

Updates actions/checkout from 5.0.0 to 6.0.0

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

V6.0.0

V5.0.1

V5.0.0

V4.3.1

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates shivammathur/setup-php from 2.35.4 to 2.35.5

Release notes

Sourced from shivammathur/setup-php's releases.

2.35.5

Changelog

  • Added support for macOS 26 based environments.
runs-on: macos-26
steps:
- name: Setup PHP
  uses: shivammathur/setup-php@v2
  • Fixed resolving tools' releases to the latest one for a version prefix in tools input. (#1000) For example, this should install the latest release of PHPUnit with 10.5 as the prefix.
- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.1'
    tools: phpunit:10.5.x
  • Improved installing intl extension with a particular ICU versions.
- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.4'
    extensions: intl-77.1
  • Fixed tools setup to use the new github-token input value to avoid rate limits.
- name: Setup PHP
  uses: shivammathur/setup-php@v2
  with:
    php-version: '8.4'
    tools: phpcs: 4
    github-token: ${{ secrets.GITHUB_TOKEN }}

  • Improved errors when tools fail to install. (#991)

  • Fixed warning in get function on request failure.

  • Added a fallback source for composer phar archives. (#956)

  • Added a fallback source for PPA keys. (#996)

  • Fixed opcache.jit_buffer_size config on arm environments. (#999)

... (truncated)

Commits
  • bf6b4fb Improve sorting in tools.getSemverVersion
  • 8f81967 Fix sorting in tools.getSemverVersion
  • 06512d9 Update macos-latest in README [skip ci]
  • 1c302ae Mark macOS 26 as supported [skip ci]
  • dcffe28 Fix jit config on arm
  • 6ffdb3d Bump version to 2.35.5
  • c97dacb Merge pull request #995 from shivammathur/dependabot/github_actions/develop/a...
  • 34f574e Bump actions/setup-node from 4 to 5
  • 317a051 Add fallback cache for keys in ppa.sh
  • dfcda83 Add fallback url for composer
  • Additional commits viewable in compare view

Updates actions/github-script from 7.0.1 to 8.0.0

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v7...v7.1.0

Commits
  • ed59741 Merge pull request #653 from actions/sneha-krip/readme-for-v8
  • 2dc352e Bold minimum Actions Runner version in README
  • 01e118c Update README for Node 24 runtime requirements
  • 8b222ac Apply suggestion from @​salmanmkc
  • adc0eea README for updating actions/github-script from v7 to v8
  • 20fe497 Merge pull request #637 from actions/node24
  • e7b7f22 update licenses
  • 2c81ba0 Update Node.js version support to 24.x
  • f28e40c Merge pull request #610 from actions/nebuk89-patch-1
  • 1ae9958 Update README.md
  • Additional commits viewable in compare view

Updates github/codeql-action from 3.29.7 to 4.31.4

Release notes

Sourced from github/codeql-action's releases.

v4.31.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.4 - 18 Nov 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

See the full CHANGELOG.md for more information.

v4.31.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.2 - 30 Oct 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v4.31.1

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

See the full CHANGELOG.md for more information.

v4.31.0

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.31.4 - 18 Nov 2025

No user facing changes.

4.31.3 - 13 Nov 2025

  • CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
  • Update default CodeQL bundle version to 2.23.5. #3288

4.31.2 - 30 Oct 2025

No user facing changes.

4.31.1 - 30 Oct 2025

  • The add-snippets input has been removed from the analyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.

4.31.0 - 24 Oct 2025

  • Bump minimum CodeQL bundle version to 2.17.6. #3223
  • When SARIF files are uploaded by the analyze or upload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the upload-sarif action. For analyze, this may affect Advanced Setup for CodeQL users who specify a value other than always for the upload input. #3222

4.30.9 - 17 Oct 2025

  • Update default CodeQL bundle version to 2.23.3. #3205
  • Experimental: A new setup-codeql action has been added which is similar to init, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204

4.30.8 - 10 Oct 2025

No user facing changes.

4.30.7 - 06 Oct 2025

  • [v4+ only] The CodeQL Action now runs on Node.js v24. #3169

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #3168

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

... (truncated)

Commits
  • e12f017 Merge pull request #3312 from github/update-v4.31.4-70434f6dd
  • c9cb6f9 Update changelog for v4.31.4
  • 70434f6 Merge pull request #3311 from github/mbg/deps/bump-glob
  • 528362a Bump glob to at least 11.1.0
  • de12435 Merge pull request #3308 from github/mbg/pr-template/nov25
  • ffa63f0 Merge pull request #3307 from github/dependabot/github_actions/dot-github/wor...
  • 7bcdb4b Add additional options to PR template and clarify some
  • 07eae64 Merge pull request #3303 from github/mario-campos/v3-core-warning
  • e546fff Rebuild
  • c418a0f Bump ruby/setup-ruby
  • Additional commits viewable in compare view

Updates peter-evans/create-or-update-comment from 4.0.0 to 5.0.0

Release notes

Sourced from peter-evans/create-or-update-comment's releases.

Create or Update Comment v5.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

... (truncated)

Commits
  • e8674b0 feat: v5 (#439)
  • fffe59e build(deps-dev): bump @​types/node from 18.19.127 to 18.19.129 (#438)
  • 076d572 build(deps-dev): bump @​types/node from 18.19.126 to 18.19.127 (#437)
  • 86a2645 build(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 (#436)
  • be17e0c build(deps-dev): bump @​types/node from 18.19.124 to 18.19.126 (#435)
  • ef75eae build(deps-dev): bump @​types/node from 18.19.123 to 18.19.124 (#433)
  • 82a7ad0 build(deps): bump actions/setup-node from 4 to 5 (#432)
  • f7c845d build(deps-dev): bump @​types/node from 18.19.122 to 18.19.123 (#430)
  • 5da8e07 build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#428)
  • 2de7f66 build(deps-dev): bump @​types/node from 18.19.121 to 18.19.122 (#427)
  • Additional commits viewable in compare view

Updates actions/setup-node from 5.0.0 to 6.0.0

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

Commits

Updates cypress-io/github-action from 6.10.2 to 6.10.4

Release notes

Sourced from cypress-io/github-action's releases.

v6.10.4

6.10.4 (2025-11-05)

Bug Fixes

v6.10.3

6.10.3 (2025-10-23)

Bug Fixes

Commits
  • 7ef72e2 fix(deps): update @​vercel/ncc to 0.38.4 (#1581)
  • 2b9f78d chore(deps): update cypress to 15.6.0 (#1580)
  • 85d929a chore(deps): update validator to 13.15.20 (#1579)
  • 6fc2205 chore: add Renovate rebuild action workflow (#1577)
  • dbf32ac chore: migrate Renovate config (#1576)
  • a85ef18 ci(deps): update cycjimmy/semantic-release-action to v5 (#1564)
  • 2f0ad83 chore(deps): update dependency node to v20.19.5 (#1537)
  • df7fc89 test(deps): update cypress/browsers to v24.11.0 in example-docker (#1560)
  • 48fc3b1 chore(deps): update actions/checkout to v5 (#1559)
  • 0df54ae chore(deps): update cypress/browsers docker tag to v22.21.0 (#1532)
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 5.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits
  • 330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
  • 03f2824 Update github.dep.yml
  • 905a1ec Prepare v5.0.0
  • 2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
  • 9687587 Merge branch 'main' into patch-1
  • 2848b2c Merge pull request #727 from danwkennedy/patch-1
  • 9b51177 Spell out the first use of GHES
  • cd231ca Update GHES guidance to include reference to Node 20 version
  • de65e23 Merge pull request #712 from actions/nebuk89-patch-1
  • 8747d8c Update README.md
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.0 to 5.5.1

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.1

What's Changed

New C...

Description has been truncated

@dependabot
build(deps): bump the github-actions group across 1 directory with 12…
3631c3d 
… updates

Bumps the github-actions group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.0` |
| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.35.4` | `2.35.5` |
| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `8.0.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.7` | `4.31.4` |
| [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `4.0.0` | `5.0.0` |
| [actions/setup-node](https://github.com/actions/setup-node) | `5.0.0` | `6.0.0` |
| [cypress-io/github-action](https://github.com/cypress-io/github-action) | `6.10.2` | `6.10.4` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.0` | `5.5.1` |
| [LizardByte/actions](https://github.com/lizardbyte/actions) | `2025.814.40518` | `2025.1028.23217` |
| [fsfe/reuse-action](https://github.com/fsfe/reuse-action) | `5.0.0` | `6.0.0` |
| [actions/stale](https://github.com/actions/stale) | `10.0.0` | `10.1.0` |



Updates `actions/checkout` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@08c6903...1af3b93)

Updates `shivammathur/setup-php` from 2.35.4 to 2.35.5
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](shivammathur/setup-php@ec406be...bf6b4fb)

Updates `actions/github-script` from 7.0.1 to 8.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@60a0d83...ed59741)

Updates `github/codeql-action` from 3.29.7 to 4.31.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3.29.7...e12f017)

Updates `peter-evans/create-or-update-comment` from 4.0.0 to 5.0.0
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](peter-evans/create-or-update-comment@71345be...e8674b0)

Updates `actions/setup-node` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@a0853c2...2028fbc)

Updates `cypress-io/github-action` from 6.10.2 to 6.10.4
- [Release notes](https://github.com/cypress-io/github-action/releases)
- [Changelog](https://github.com/cypress-io/github-action/blob/master/CHANGELOG.md)
- [Commits](cypress-io/github-action@b8ba51a...7ef72e2)

Updates `actions/upload-artifact` from 4.6.2 to 5.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...330a01c)

Updates `codecov/codecov-action` from 5.5.0 to 5.5.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@fdcc847...5a10915)

Updates `LizardByte/actions` from 2025.814.40518 to 2025.1028.23217
- [Release notes](https://github.com/lizardbyte/actions/releases)
- [Commits](LizardByte/actions@bff0a19...329b1bc)

Updates `fsfe/reuse-action` from 5.0.0 to 6.0.0
- [Release notes](https://github.com/fsfe/reuse-action/releases)
- [Commits](fsfe/reuse-action@bb774aa...676e2d5)

Updates `actions/stale` from 10.0.0 to 10.1.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@3a9db7e...5f858e3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: shivammathur/setup-php
  dependency-version: 2.35.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 4.31.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/create-or-update-comment
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: cypress-io/github-action
  dependency-version: 6.10.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: LizardByte/actions
  dependency-version: 2025.1028.23217
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: fsfe/reuse-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner November 21, 2025 10:10
@dependabot dependabot bot removed the request for review from a team November 21, 2025 10:10
@dependabot dependabot bot added the 3. to review Waiting for reviews label Nov 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@yemkareems yemkareems Awaiting requested review from yemkareems yemkareems is a code owner automatically assigned from nextcloud/server-backend

@leftybournes leftybournes Awaiting requested review from leftybournes leftybournes is a code owner automatically assigned from nextcloud/server-backend

@CarlSchwan CarlSchwan Awaiting requested review from CarlSchwan CarlSchwan is a code owner automatically assigned from nextcloud/server-backend

@come-nc come-nc Awaiting requested review from come-nc come-nc is a code owner automatically assigned from nextcloud/server-backend

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

3. to review Waiting for reviews feature: dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant