Skip to content

Bump the github-action-dependencies group across 1 directory with 8 updates#77

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-action-dependencies-66ccd28883
Closed

Bump the github-action-dependencies group across 1 directory with 8 updates#77
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-action-dependencies-66ccd28883

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Nov 1, 2025
edited
Loading

Bumps the github-action-dependencies group with 8 updates in the / directory:

Package From To
actions/checkout 3 5
actions/setup-java 3 5
actions/create-github-app-token 1 2
s4u/maven-settings-action 2.8.0 4.0.0
astral-sh/setup-uv 6 7
crazy-max/ghaction-github-labeler 4 5
release-drafter/release-drafter 5 6
pypa/gh-action-pypi-publish 1.12.4 1.13.0

Updates actions/checkout from 3 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

... (truncated)

Commits

Updates actions/setup-java from 3 to 5

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Bug Fixes

New Contributors

Full Changelog: actions/setup-java@v4...v5.0.0

v4.7.1

What's Changed

Documentation changes

Dependency updates:

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

What's Changed

... (truncated)

Commits

Updates actions/create-github-app-token from 1 to 2

Release notes

Sourced from actions/create-github-app-token's releases.

v2.0.0

2.0.0 (2025-04-03)

BREAKING CHANGES

  • Removed deprecated inputs (app_id, private_key, skip_token_revoke) and made app-id and private-key required in the action configuration.

v1.12.0

1.12.0 (2025-03-27)

Features

v1.11.7

1.11.7 (2025-03-20)

Bug Fixes

  • deps: bump undici from 5.28.4 to 7.5.0 (#214) (a24b46a)

v1.11.6

1.11.6 (2025-03-03)

Bug Fixes

  • deps: bump the production-dependencies group with 2 updates (#210) (1ff1dea)

v1.11.5

1.11.5 (2025-02-15)

Bug Fixes

... (truncated)

Commits
  • 6701853 build(release): 2.1.4 [skip ci]
  • bef1eaf fix(deps): bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257)
  • 1526738 build(release): 2.1.3 [skip ci]
  • f3d5ec2 fix(deps): bump undici from 7.8.0 to 7.10.0 in the production-dependencies gr...
  • def152b build(release): 2.1.2 [skip ci]
  • 5d7307b fix(deps): bump @​octokit/request from 9.2.3 to 10.0.2 (#256)
  • 525760a build(deps): bump stefanzweifel/git-auto-commit-action from 5.2.0 to 6.0.1 (#...
  • 8ab05a8 Add beta branch support for releases (#282)
  • d00315e build(deps): bump actions/checkout from 4 to 5 (#279)
  • fcc6c28 build(deps-dev): bump dotenv from 16.5.0 to 17.2.1 (#269)
  • Additional commits viewable in compare view

Updates s4u/maven-settings-action from 2.8.0 to 4.0.0

Release notes

Sourced from s4u/maven-settings-action's releases.

v4.0.0

What's Changed

💥 Breaking changes

🧰 Dependency updates

❤️ Thanks

Many thanks for collaboration on this release for: @​mhoffrog, @​slawekjaranowski and GitHub Action

v3.1.0

What's Changed

🔥 New features

... (truncated)

Commits
  • 894661b update dependency for release branch
  • ed58d20 Update Sonatype snapshot repository to new Central Portal (#389)
  • c99cacf Update actions to use node 24
  • 1bd3a22 Updates dependencies
  • 2c724b5 Bump jest from 30.1.1 to 30.1.2
  • a8a76a7 Bump jest from 30.1.0 to 30.1.1
  • 41cc972 Bump jest from 30.0.5 to 30.1.0
  • c253de7 Bump eslint from 9.33.0 to 9.34.0
  • e2a43d6 Bump actions/setup-java from 4 to 5
  • d20dda0 Bump @​xmldom/xmldom from 0.8.10 to 0.8.11
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 6 to 7

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

  • The action now respects when the environment variable UV_CACHE_DIR is already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.
  • Some users encountered problems that cache pruning took forever because they had some uv processes running in the background. Starting with uv version 0.8.24 this action uses uv cache prune --ci --force to ignore the running processes
  • If you just want to install uv but not have it available in path, this action now respects UV_NO_MODIFY_PATH
  • Some other actions also set the env var UV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.

Improvements

If you are using minimum version specifiers for the version of uv to install for example

[tool.uv]
required-version = ">=0.8.17"

This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.

If you are using other specifiers like 0.8.x this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.

🚨 Breaking changes

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • 8585678 Bump dependencies (#664)
  • 22d500a Bump github/codeql-action from 4.30.8 to 4.30.9 (#652)
  • 14d5571 chore: update known checksums for 0.9.5 (#663)
  • 29cd235 Use tar for extracting the uv zip file on Windows too (#660)
  • 2ddd2b9 chore: update known checksums for 0.9.4 (#651)
  • b7bf789 Fix "lowest" resolution strategy with lower-bound only (#649)
  • cb6c0a5 Change version in docs to v7 (#647)
  • dffc629 Use working-directory to detect empty workdir (#645)
  • 6e346e1 chore: update known checksums for 0.9.3 (#644)
  • 3ccd0fd Bump github/codeql-action from 4.30.7 to 4.30.8 (#639)
  • Additional commits viewable in compare view

Updates crazy-max/ghaction-github-labeler from 4 to 5

Release notes

Sourced from crazy-max/ghaction-github-labeler's releases.

v5.0.0

Full Changelog: crazy-max/ghaction-github-labeler@v4.2.0...v5.0.0

v4.2.0

Full Changelog: crazy-max/ghaction-github-labeler@v4.1.0...v4.2.0

v4.1.0

  • Bump @​actions/core from 1.6.0 to 1.10.0 (#170 #174)
  • Bump @​actions/github from 5.0.1 to 5.1.1 (#175)

Full Changelog: crazy-max/ghaction-github-labeler@v4.0.0...v4.1.0

Commits
  • 24d110a Merge pull request #229 from crazy-max/dependabot/npm_and_yarn/octokit/plugin...
  • 38fb29f chore: update generated content
  • 0113fc2 chore(deps): bump @​octokit/plugin-paginate-rest from 9.2.1 to 9.2.2
  • 42f774e Merge pull request #228 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 9983992 chore(deps): bump @​octokit/request-error from 5.1.0 to 5.1.1
  • 32d1878 Merge pull request #232 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 3faa845 chore: update generated content
  • 16efe04 Merge pull request #233 from crazy-max/ci-fix-codecov
  • 7f6122b ci: fix test workflow
  • 2ea799d chore(deps): bump @​octokit/request from 8.4.0 to 8.4.1
  • Additional commits viewable in compare view

Updates release-drafter/release-drafter from 5 to 6

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.0.0

What's Changed

Full Changelog: release-drafter/release-drafter@v5.25.0...v6.0.0

v6.0.0-beta.1

Prerelease of v6, first release of the CLI, feel free to provide feedback in the pull request: release-drafter/release-drafter#1204

v5.25.0

What's Changed

New

Full Changelog: release-drafter/release-drafter@v5.24.0...v5.25.0

v5.24.0

What's Changed

New

Bug Fixes

Full Changelog: release-drafter/release-drafter@v5.23.0...v5.24.0

v5.23.0

What's Changed

New

Full Changelog: release-drafter/release-drafter@v5.22.0...v5.23.0

v5.22.0

What's Changed

New

... (truncated)

Commits

Updates pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.13.0

[!important] 🚨 This release includes fixes for GHSA-vxmw-7h4f-hqxh discovered by @​woodruffw💰. We've also integrated Zizmor to catch similar issues in the future and you should too.

✨ New Stuff

@​woodruffw💰 updated the README to no longer mention the attestations feature being experimental in #347: it's been rather stable for a year already 🎉 He also added more diagnostic output which includes printing out the GitHub Environment claim via #371 and warning about the unsupported reusable workflows configurations #306, when using Trusted Publishing.

[!tip] The official support for reusable workflows is currently blocked on changes to PyPI. To get updates about progress on the action side, you may want to subscribe to #166. At PyCon US 2025 Sprints, @​facutuesca💰, @​miketheman💰, @​woodruffw💰 and I💰 spent several hours IRL brainstorming how to fix this and migrate projects that happen to rely on an obscure corner case with reusable workflows that temporarily allows them to function by accident. The result of that discussion is posted @ pypi/warehouse#11096. Note that this is a volunteer-led effort and there is no ETA. If you need this soon, make your employer sponsor the PSF and maybe they'll be able to hire somebody for this work on Warehouse.

In addition to that, @​konstin💰 sent #378 to pin actions/setup-python to a SHA hash. This makes pypi-publish compatible with new GitHub policies that allow organizations to mandate hash-pinning actions used in workflows.

🛠️ Internal Dependencies

@​webknjaz💰 made a bunch of updates to the action runtime which includes bumping it to Python 3.13 in #331 and updating the dependency tree across the board. pip-with-requires-python is no longer being installed (#332). Some related bumps were contributed by @​woodruffw💰 (#359) and @​kurtmckee💰 sent a contributor-facing PR, bumping the linting configuration via #335.

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.4...v1.13.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

Commits

@dependabot
Bump the github-action-dependencies group across 1 directory with 8 u…
d0145ba 
…pdates

Bumps the github-action-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3` | `5` |
| [actions/setup-java](https://github.com/actions/setup-java) | `3` | `5` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `1` | `2` |
| [s4u/maven-settings-action](https://github.com/s4u/maven-settings-action) | `2.8.0` | `4.0.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6` | `7` |
| [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) | `4` | `5` |
| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `5` | `6` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.12.4` | `1.13.0` |



Updates `actions/checkout` from 3 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v5)

Updates `actions/setup-java` from 3 to 5
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v3...v5)

Updates `actions/create-github-app-token` from 1 to 2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v1...v2)

Updates `s4u/maven-settings-action` from 2.8.0 to 4.0.0
- [Release notes](https://github.com/s4u/maven-settings-action/releases)
- [Commits](s4u/maven-settings-action@v2.8.0...v4.0.0)

Updates `astral-sh/setup-uv` from 6 to 7
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v6...v7)

Updates `crazy-max/ghaction-github-labeler` from 4 to 5
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@v4...v5)

Updates `release-drafter/release-drafter` from 5 to 6
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@v5...v6)

Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@v1.12.4...v1.13.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/create-github-app-token
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: s4u/maven-settings-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: astral-sh/setup-uv
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: release-drafter/release-drafter
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 1, 2025
@dependabot dependabot bot requested review from a team and BjornRoarJoneid as code owners November 1, 2025 12:16
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 1, 2025
@github-actions github-actions bot added the ci Continuous Integration label Nov 1, 2025
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jan 1, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Jan 1, 2026
@dependabot dependabot bot deleted the dependabot/github_actions/github-action-dependencies-66ccd28883 branch January 1, 2026 12:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BjornRoarJoneid BjornRoarJoneid Awaiting requested review from BjornRoarJoneid BjornRoarJoneid is a code owner

Assignees

No one assigned

Labels

ci Continuous Integration dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants