Bump the github-action-dependencies group with 9 updates #61

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/github-action-dependencies-a4dc701bb0

@dependabot dependabot bot commented on behalf of github May 5, 2025

Bumps the github-action-dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| actions/checkout | 3 | 4 |
| actions/setup-java | 3 | 4 |
| s4u/maven-settings-action | 2.8.0 | 3.1.0 |
| actions/create-github-app-token | 1 | 2 |
| crazy-max/ghaction-github-labeler | 4 | 5 |
| release-drafter/release-drafter | 5 | 6 |
| actions/setup-python | 1 | 5 |
| pypa/gh-action-pypi-publish | 1.8.10 | 1.12.4 |
| Gr1N/setup-poetry | 8 | 9 |

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

... (truncated)

Commits

Updates actions/setup-java from 3 to 4

Release notes

Sourced from actions/setup-java's releases.

v4.0.0

What's Changed

In the scope of this release, the version of the Node.js runtime was updated to 20. The majority of dependencies were updated to the latest versions. From now on, the code for the setup-java will run on Node.js 20 instead of Node.js 16.

Breaking changes

Non-breaking changes

New Contributors

Full Changelog: actions/setup-java@v3...v4.0.0

v3.14.1

What's Changed

Full Changelog: actions/setup-java@v3...v3.14.1

v3.14.0

What's Changed

  • Upgrade @​action/cache to 4.0.3 by @​aparnajyothi-y in actions/setup-java#790. In scope of this release we updated actions/cache package to ensure continued support and compatibility, as older versions of the package are now deprecated. For more information please refer to the toolkit/cache.

Full Changelog: actions/setup-java@v3...v3.14.0

v3.13.0

What's changed

In the scope of this release, support for Dragonwell JDK was added by @​Accelerator1996 in actions/setup-java#532

```yaml
steps:
  - name: Checkout
    uses: actions/checkout@v3
  - name: Setup-java
    uses: actions/setup-java@v3
    with:
      distribution: 'dragonwell'
      java-version: '17'
```

... (truncated)

Commits
  • c5195ef actions/cache upgrade to 4.0.3 (#773)
  • dd38875 Bump ts-jest from 29.1.2 to 29.2.5 (#743)
  • 148017a Bump @​actions/glob from 0.4.0 to 0.5.0 (#744)
  • 3b6c050 Remove duplicated GraalVM section in documentation (#716)
  • b8ebb8b upgrade @​action/cache from 4.0.0 to 4.0.2 (#766)
  • 799ee7c Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Ali...
  • 3a4f6e1 Bump @​types/jest from 29.5.12 to 29.5.14 (#729)
  • 25f376e Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#727)
  • d4e4b6b Bump @​actions/http-client from 2.2.1 to 2.2.3 (#728)
  • 28b532b Create dependabot.yml (#722)
  • Additional commits viewable in compare view

Updates s4u/maven-settings-action from 2.8.0 to 3.1.0

Release notes

Sourced from s4u/maven-settings-action's releases.

v3.1.0

What's Changed

🔥 New features

🔨 Maintenance

🧰 Dependency updates

❤️ Thanks

Many thanks for collaboration on this release for: @​Gozke, @​pwoodworth and @​slawekjaranowski

v3.0.0

What's Changed

🔥 New features

  • Add support for custom repositories #319
  • Upgrade Node runtime to 20 #320
  • Use Node 20 by Action #322

🧰 Dependency updates

  • Bump eslint from 8.27.0 to 8.28.0 #259
  • Bump eslint from 8.28.0 to 8.29.0 #261
  • Bump eslint from 8.29.0 to 8.30.0 #262
  • Bump json5 from 2.2.1 to 2.2.3 #264
  • Bump eslint from 8.30.0 to 8.32.0 #265
  • Bump eslint from 8.32.0 to 8.33.0 #268
  • Bump eslint from 8.33.0 to 8.34.0 #271
  • Bump eslint from 8.34.0 to 8.35.0 #273
  • Bump eslint from 8.35.0 to 8.36.0 #275
  • Bump eslint from 8.36.0 to 8.37.0 #276
  • Bump @​xmldom/xmldom from 0.8.6 to 0.8.7 #277
  • Bump eslint from 8.37.0 to 8.38.0 #280
  • Bump eslint from 8.38.0 to 8.39.0 #281
  • Bump eslint from 8.39.0 to 8.40.0 #282

... (truncated)

Commits

Updates actions/create-github-app-token from 1 to 2

Release notes

Sourced from actions/create-github-app-token's releases.

v2.0.0

2.0.0 (2025-04-03)

BREAKING CHANGES

  • Removed deprecated inputs (app_id, private_key, skip_token_revoke) and made app-id and private-key required in the action configuration.

v1.12.0

1.12.0 (2025-03-27)

Features

v1.11.7

1.11.7 (2025-03-20)

Bug Fixes

  • deps: bump undici from 5.28.4 to 7.5.0 (#214) (a24b46a)

v1.11.6

1.11.6 (2025-03-03)

Bug Fixes

  • deps: bump the production-dependencies group with 2 updates (#210) (1ff1dea)

v1.11.5

1.11.5 (2025-02-15)

Bug Fixes

... (truncated)

Commits
  • df432ce build(release): 2.0.6 [skip ci]
  • 3336784 fix: replace - with _ (#246)
  • db3cdf4 build(release): 2.0.5 [skip ci]
  • d64d7d7 fix(deps): bump the production-dependencies group with 3 updates (#240)
  • 1b6f53e build(deps-dev): bump the development-dependencies group across 1 directory w...
  • 061a84d build(deps-dev): bump @​octokit/openapi from 18.2.0 to 19.0.0 (#242)
  • c8f34a6 build(deps): bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 in...
  • 4821f52 build(release): 2.0.4 [skip ci]
  • 2950cbc fix: permission input handling (#243)
  • 30bf625 build(release): 2.0.3 [skip ci]
  • Additional commits viewable in compare view

Updates crazy-max/ghaction-github-labeler from 4 to 5

Release notes

Sourced from crazy-max/ghaction-github-labeler's releases.

v5.0.0

Full Changelog: crazy-max/ghaction-github-labeler@v4.2.0...v5.0.0

v4.2.0

Full Changelog: crazy-max/ghaction-github-labeler@v4.1.0...v4.2.0

v4.1.0

  • Bump @​actions/core from 1.6.0 to 1.10.0 (#170 #174)
  • Bump @​actions/github from 5.0.1 to 5.1.1 (#175)

Full Changelog: crazy-max/ghaction-github-labeler@v4.0.0...v4.1.0

Commits
  • 24d110a Merge pull request #229 from crazy-max/dependabot/npm_and_yarn/octokit/plugin...
  • 38fb29f chore: update generated content
  • 0113fc2 chore(deps): bump @​octokit/plugin-paginate-rest from 9.2.1 to 9.2.2
  • 42f774e Merge pull request #228 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 9983992 chore(deps): bump @​octokit/request-error from 5.1.0 to 5.1.1
  • 32d1878 Merge pull request #232 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 3faa845 chore: update generated content
  • 16efe04 Merge pull request #233 from crazy-max/ci-fix-codecov
  • 7f6122b ci: fix test workflow
  • 2ea799d chore(deps): bump @​octokit/request from 8.4.0 to 8.4.1
  • Additional commits viewable in compare view

Updates release-drafter/release-drafter from 5 to 6

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.0.0

What's Changed

Full Changelog: release-drafter/release-drafter@v5.25.0...v6.0.0

v6.0.0-beta.1

Prerelease of v6, first release of the CLI, feel free to provide feedback in the pull request: release-drafter/release-drafter#1204

v5.25.0

What's Changed

New

Full Changelog: release-drafter/release-drafter@v5.24.0...v5.25.0

v5.24.0

What's Changed

New

Bug Fixes

Full Changelog: release-drafter/release-drafter@v5.23.0...v5.24.0

v5.23.0

What's Changed

New

Full Changelog: release-drafter/release-drafter@v5.22.0...v5.23.0

v5.22.0

What's Changed

New

... (truncated)

Commits

Updates actions/setup-python from 1 to 5

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.9.1

What's Changed

Full Changelog: actions/setup-python@v4...v4.9.1

v4.9.0

What's Changed

  • Upgrade actions/cache to 4.0.3 by @​priya-kinthali in actions/setup-python#1073 In scope of this release we updated actions/cache package to ensure continued support and compatibility, as older versions of the package are now deprecated. For more information please refer to the toolkit/cache.

Full Changelog: actions/setup-python@v4.8.0...v4.9.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

```yaml
steps:
  - uses: actions/checkout@v4
  - uses: actions/setup-python@v4
    with:
      python-version: 'graalpy-22.3'
  - run: python my_script.py
```

Besides, the release contains such changes as:

New Contributors

Full Changelog: actions/setup-python@v4...v4.8.0

... (truncated)

Commits
  • a26af69 Bump ts-jest from 29.1.2 to 29.3.2 (#1081)
  • 30eafe9 Bump prettier from 2.8.8 to 3.5.3 (#1046)
  • 5d95bc1 Bump semver and @​types/semver (#1091)
  • 6ed2c67 Fix for Candidate Not Iterable Error (#1082)
  • e348410 Remove Ubuntu 20.04 from workflows due to deprecation from 2025-04-15 (#1065)
  • 8d9ed9a Add e2e Testing for free threaded and Bump @​action/cache from 4.0.0 to 4.0.3 ...
  • 19e4675 Add support for .tool-versions file in setup-python (#1043)
  • 6fd11e1 Bump @​actions/glob from 0.4.0 to 0.5.0 (#1015)
  • 9e62be8 Support free threaded Python versions like '3.13t' (#973)
  • 6ca8e85 Bump @​vercel/ncc from 0.38.1 to 0.38.3 (#1016)
  • Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.8.10 to 1.12.4

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.4

✨ What's Changed

The main theme of this patch release is that the support for uploading PEP 639 licensing metadata to PyPI has been fixed in #327.

🛠️ Internal Updates

A few smaller updates include the attestation existence being checked earlier in the process now, listing all the violating files together, not just one (PR #315). And the lock file with the software available in runtime has been re-pinned in #329. Additionally, the CI now runs the smoke-tests against both Ubuntu 22.04 and 24.04 explicitly via da900af96347cc027433720ad4f122117645459d.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.3...v1.12.4

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​dnicolodi💰 and @​woodruffw💰 for releasing the license metadata support fix in Twine!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

v1.12.3

✨ What's Improved

With the updates by @​woodruffw💰 and @​webknjaz💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP] Please, let us know in the release discussion if anything still remains unclear. TL;DR:

  • always call pypi-publish once per job;
  • don't invoke it in reusable workflows;
  • physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts;
  • when using self-hosted runners, make sure to still use pypi-publish on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted;
  • don't perform any other actions in the publishing job;
  • don't call pypi-publish from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @​woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

... (truncated)

Commits
  • 76f52bc Merge pull request #329 from webknjaz/maintenance/runtime-lockfile-24-02-2025
  • 72de13b 📌 Mass-upgrade transitive dependency pins
  • 1995f2e Merge pull request #327 from webknjaz/maintenance/twine-6.1-pep639
  • 29f40bd 📦 Enable metadata 2.4 support in Twine
  • 10df67d 📦 Enable support for PEP 639 metadata
  • e0449d2 🧪 Integrate a unified alls-green GHA status
  • cebc64f 🧪 Bump setuptools in smoke test to v75.8.0
  • da900af 🧪 Run smoke tests against Ubuntu 24 and 22
  • 8cafb5c 💰 Sync the funding config
  • 916e576 Merge pull request #315 from webknjaz/refactoring/attestations-exist-bundle
  • Additional commits viewable in compare view

Updates Gr1N/setup-poetry from 8 to 9

Release notes

Sourced from Gr1N/setup-poetry's releases.

v9

  • Action updated to use Node 20
  • Support for Python 3.12
  • Breaking Change, removed support for Python 3.7

Commits
  • 48b0f77 chore: node, packages & python versions
  • 52d4d24 Update action.yml
  • 12c727a chore: move jest config to package.json
  • cce4afa chore: move prettierrc to package.json
  • b19c495 chore: move eslintrc to package.json
  • 364689e chore: move eslintignore to package.json
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the github-action-dependencies group with 9 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3` | `4` |
| [actions/setup-java](https://github.com/actions/setup-java) | `3` | `4` |
| [s4u/maven-settings-action](https://github.com/s4u/maven-settings-action) | `2.8.0` | `3.1.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `1` | `2` |
| [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) | `4` | `5` |
| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `5` | `6` |
| [actions/setup-python](https://github.com/actions/setup-python) | `1` | `5` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.8.10` | `1.12.4` |
| [Gr1N/setup-poetry](https://github.com/gr1n/setup-poetry) | `8` | `9` |


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

Updates `actions/setup-java` from 3 to 4
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v3...v4)

Updates `s4u/maven-settings-action` from 2.8.0 to 3.1.0
- [Release notes](https://github.com/s4u/maven-settings-action/releases)
- [Commits](s4u/maven-settings-action@v2.8.0...v3.1.0)

Updates `actions/create-github-app-token` from 1 to 2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v1...v2)

Updates `crazy-max/ghaction-github-labeler` from 4 to 5
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@v4...v5)

Updates `release-drafter/release-drafter` from 5 to 6
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@v5...v6)

Updates `actions/setup-python` from 1 to 5
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v1...v5)

Updates `pypa/gh-action-pypi-publish` from 1.8.10 to 1.12.4
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@v1.8.10...v1.12.4)

Updates `Gr1N/setup-poetry` from 8 to 9
- [Release notes](https://github.com/gr1n/setup-poetry/releases)
- [Commits](Gr1N/setup-poetry@v8...v9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/setup-java
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: s4u/maven-settings-action
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/create-github-app-token
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: release-drafter/release-drafter
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/setup-python
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.12.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-action-dependencies
- dependency-name: Gr1N/setup-poetry
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies (Pull requests that update a dependency file) and github_actions (Pull requests that update GitHub Actions code) labels May 5, 2025
dependabot bot requested review from a team and BjornRoarJoneid as code owners May 5, 2025 12:49
github-actions bot added the ci (Continuous Integration) label May 5, 2025

dependabot bot commented on behalf of github May 6, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this May 6, 2025
@dependabot dependabot bot deleted the dependabot/github_actions/github-action-dependencies-a4dc701bb0 branch May 6, 2025 10:51