Skip to content

Bump the github-action-dependencies group across 1 directory with 9 updates#83

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-action-dependencies-e99f0686a0
Open

Bump the github-action-dependencies group across 1 directory with 9 updates#83
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-action-dependencies-e99f0686a0

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 1, 2026
edited
Loading

Bumps the github-action-dependencies group with 9 updates in the / directory:

Package From To
actions/checkout 3 6
actions/setup-java 3 5
actions/cache 4 5
actions/create-github-app-token 1 2
s4u/maven-settings-action 2.8.0 4.0.0
astral-sh/setup-uv 6 7
crazy-max/ghaction-github-labeler 4 5
release-drafter/release-drafter 5 6
pypa/gh-action-pypi-publish 1.12.4 1.13.0

Updates actions/checkout from 3 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates actions/setup-java from 3 to 5

Release notes

Sourced from actions/setup-java's releases.

v5.0.0

What's Changed

Breaking Changes

Make sure your runner is updated to this version or newer to use this release. v2.327.1 Release Notes

Dependency Upgrades

Bug Fixes

New Contributors

Full Changelog: actions/setup-java@v4...v5.0.0

v4.8.0

What's Changed

Full Changelog: actions/setup-java@v4...v4.8.0

v4.7.1

What's Changed

Documentation changes

Dependency updates:

Full Changelog: actions/setup-java@v4...v4.7.1

v4.7.0

What's Changed

... (truncated)

Commits
  • f2beeb2 Bump actions/publish-action from 0.3.0 to 0.4.0 (#912)
  • 4e7e684 feat: Add support for .sdkmanrc file in java-version-file parameter (#736)
  • 46c56d6 Add GitHub Token Support for GraalVM and Refactor Code (#849)
  • 66b9457 Update SapMachine URLs (#955)
  • 6ba5449 Enhance error logging for network failures to include endpoint/IP details, ad...
  • de5a937 adds microsoft openjdk25 builds (#927)
  • ead9eaa Update Regex to Support All ASDF Versions for the supported distributions in ...
  • 8c57fa3 Clarify JAVA_HOME and PATH setup in README (#841)
  • a7ab372 Bump prettier from 2.8.8 to 3.6.2 (#873)
  • d0351b4 Update documentation to use checkout and Java v5 (#903)
  • Additional commits viewable in compare view

Updates actions/cache from 4 to 5

Release notes

Sourced from actions/cache's releases.

v5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

What's Changed

Full Changelog: actions/cache@v4.3.0...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.2.4

v4.2.3

What's Changed

  • Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

Full Changelog: actions/cache@v4.2.2...v4.2.3

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

Changelog

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

... (truncated)

Commits
  • 9255dc7 Merge pull request #1686 from actions/cache-v5.0.1-release
  • 8ff5423 chore: release v5.0.1
  • 9233019 Merge pull request #1685 from salmanmkc/node24-storage-blob-fix
  • b975f2b fix: add peer property to package-lock.json for dependencies
  • d0a0e18 fix: update license files for @​actions/cache, fast-xml-parser, and strnum
  • 74de208 fix: update @​actions/cache to ^5.0.1 for Node.js 24 punycode fix
  • ac7f115 peer
  • b0f846b fix: update @​actions/cache with storage-blob fix for Node.js 24 punycode depr...
  • a783357 Merge pull request #1684 from actions/prepare-cache-v5-release
  • 3bb0d78 docs: highlight v5 runner requirement in releases
  • Additional commits viewable in compare view

Updates actions/create-github-app-token from 1 to 2

Release notes

Sourced from actions/create-github-app-token's releases.

v2.0.0

2.0.0 (2025-04-03)

BREAKING CHANGES

  • Removed deprecated inputs (app_id, private_key, skip_token_revoke) and made app-id and private-key required in the action configuration.

v1.12.0

1.12.0 (2025-03-27)

Features

v1.11.7

1.11.7 (2025-03-20)

Bug Fixes

  • deps: bump undici from 5.28.4 to 7.5.0 (#214) (a24b46a)

v1.11.6

1.11.6 (2025-03-03)

Bug Fixes

  • deps: bump the production-dependencies group with 2 updates (#210) (1ff1dea)

v1.11.5

1.11.5 (2025-02-15)

Bug Fixes

... (truncated)

Commits
  • 29824e6 build(release): 2.2.1 [skip ci]
  • b212e6a fix(deps): bump the production-dependencies group with 2 updates (#311)
  • 8efbf9b ci: create stale workflow (#309)
  • 7e473ef build(release): 2.2.0 [skip ci]
  • dce3be8 fix(deps): bump p-retry from 6.2.1 to 7.1.0 (#294)
  • 5480f43 fix(deps): bump glob from 10.4.5 to 10.5.0 (#305)
  • d90aa53 feat: update permission inputs (#296)
  • 55e2a4b fix(deps): bump the production-dependencies group with 2 updates (#292)
  • cc6f999 ci(test): trigger on merge_group (#308)
  • 40fa6b5 build(deps-dev): bump @​sinonjs/fake-timers from 14.0.0 to 15.0.0 (#295)
  • Additional commits viewable in compare view

Updates s4u/maven-settings-action from 2.8.0 to 4.0.0

Release notes

Sourced from s4u/maven-settings-action's releases.

v4.0.0

What's Changed

💥 Breaking changes

🧰 Dependency updates

❤️ Thanks

Many thanks for collaboration on this release for: @​mhoffrog, @​slawekjaranowski and GitHub Action

v3.1.0

What's Changed

🔥 New features

... (truncated)

Commits
  • 894661b update dependency for release branch
  • ed58d20 Update Sonatype snapshot repository to new Central Portal (#389)
  • c99cacf Update actions to use node 24
  • 1bd3a22 Updates dependencies
  • 2c724b5 Bump jest from 30.1.1 to 30.1.2
  • a8a76a7 Bump jest from 30.1.0 to 30.1.1
  • 41cc972 Bump jest from 30.0.5 to 30.1.0
  • c253de7 Bump eslint from 9.33.0 to 9.34.0
  • e2a43d6 Bump actions/setup-java from 4 to 5
  • d20dda0 Bump @​xmldom/xmldom from 0.8.10 to 0.8.11
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 6 to 7

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

  • The action now respects when the environment variable UV_CACHE_DIR is already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.
  • Some users encountered problems that cache pruning took forever because they had some uv processes running in the background. Starting with uv version 0.8.24 this action uses uv cache prune --ci --force to ignore the running processes
  • If you just want to install uv but not have it available in path, this action now respects UV_NO_MODIFY_PATH
  • Some other actions also set the env var UV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.

Improvements

If you are using minimum version specifiers for the version of uv to install for example

[tool.uv]
required-version = ">=0.8.17"

This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.

If you are using other specifiers like 0.8.x this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.

🚨 Breaking changes

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • 681c641 Bump actions/checkout from 5.0.0 to 6.0.1 (#712)
  • 2e85713 Bump actions/setup-node from 6.0.0 to 6.1.0 (#715)
  • 58b6d7b fix: add OS version to cache key to prevent binary incompatibility (#716)
  • e8b52af chore: update known checksums for 0.9.17 (#714)
  • ed21f2f Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (#695)
  • 93202d8 bump dependencies (#709)
  • 5ce0900 set biome files.maxSize to 2MiB (#708)
  • 4180991 allow cache-local-path w/o enable-cache (#707)
  • 0439606 Bump github/codeql-action from 4.30.9 to 4.31.6 (#698)
  • 7dd56c1 chore: update known checksums for 0.9.16 (#706)
  • Additional commits viewable in compare view

Updates crazy-max/ghaction-github-labeler from 4 to 5

Release notes

Sourced from crazy-max/ghaction-github-labeler's releases.

v5.0.0

Full Changelog: crazy-max/ghaction-github-labeler@v4.2.0...v5.0.0

v4.2.0

Full Changelog: crazy-max/ghaction-github-labeler@v4.1.0...v4.2.0

v4.1.0

  • Bump @​actions/core from 1.6.0 to 1.10.0 (#170 #174)
  • Bump @​actions/github from 5.0.1 to 5.1.1 (#175)

Full Changelog: crazy-max/ghaction-github-labeler@v4.0.0...v4.1.0

Commits
  • 24d110a Merge pull request #229 from crazy-max/dependabot/npm_and_yarn/octokit/plugin...
  • 38fb29f chore: update generated content
  • 0113fc2 chore(deps): bump @​octokit/plugin-paginate-rest from 9.2.1 to 9.2.2
  • 42f774e Merge pull request #228 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 9983992 chore(deps): bump @​octokit/request-error from 5.1.0 to 5.1.1
  • 32d1878 Merge pull request #232 from crazy-max/dependabot/npm_and_yarn/octokit/reques...
  • 3faa845 chore: update generated content
  • 16efe04 Merge pull request #233 from crazy-max/ci-fix-codecov
  • 7f6122b ci: fix test workflow
  • 2ea799d chore(deps): bump @​octokit/request from 8.4.0 to 8.4.1
  • Additional commits viewable in compare view

Updates release-drafter/release-drafter from 5 to 6

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.0.0

What's Changed

Full Changelog: release-drafter/release-drafter@v5.25.0...v6.0.0

v6.0.0-beta.1

Prerelease of v6, first release of the CLI, feel free to provide feedback in the pull request: release-drafter/release-drafter#1204

v5.25.0

What's Changed

New

Full Changelog: release-drafter/release-drafter@v5.24.0...v5.25.0

v5.24.0

What's Changed

New

Bug Fixes

Full Changelog: release-drafter/release-drafter@v5.23.0...v5.24.0

v5.23.0

What's Changed

New

Full Changelog: release-drafter/release-drafter@v5.22.0...v5.23.0

v5.22.0

What's Changed

New

... (truncated)

Commits

Updates pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.13.0

[!important] 🚨 This release includes fixes for GHSA-vxmw-7h4f-hqxh discovered by @​woodruffw💰. We've also integrated Zizmor to catch similar issues in the future and you should too.

✨ New Stuff

@​woodruffw

@dependabot
Bump the github-action-dependencies group across 1 directory with 9 u…
751de2f 
…pdates

Bumps the github-action-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3` | `6` |
| [actions/setup-java](https://github.com/actions/setup-java) | `3` | `5` |
| [actions/cache](https://github.com/actions/cache) | `4` | `5` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `1` | `2` |
| [s4u/maven-settings-action](https://github.com/s4u/maven-settings-action) | `2.8.0` | `4.0.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6` | `7` |
| [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) | `4` | `5` |
| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `5` | `6` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.12.4` | `1.13.0` |



Updates `actions/checkout` from 3 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v6)

Updates `actions/setup-java` from 3 to 5
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v3...v5)

Updates `actions/cache` from 4 to 5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v5)

Updates `actions/create-github-app-token` from 1 to 2
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@v1...v2)

Updates `s4u/maven-settings-action` from 2.8.0 to 4.0.0
- [Release notes](https://github.com/s4u/maven-settings-action/releases)
- [Commits](s4u/maven-settings-action@v2.8.0...v4.0.0)

Updates `astral-sh/setup-uv` from 6 to 7
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v6...v7)

Updates `crazy-max/ghaction-github-labeler` from 4 to 5
- [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases)
- [Commits](crazy-max/ghaction-github-labeler@v4...v5)

Updates `release-drafter/release-drafter` from 5 to 6
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@v5...v6)

Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@v1.12.4...v1.13.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: actions/create-github-app-token
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: s4u/maven-settings-action
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: astral-sh/setup-uv
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: crazy-max/ghaction-github-labeler
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: release-drafter/release-drafter
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-action-dependencies
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-action-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2026
@dependabot dependabot bot requested review from a team and BjornRoarJoneid as code owners January 1, 2026 12:16
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2026
@github-actions github-actions bot added the ci Continuous Integration label Jan 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BjornRoarJoneid BjornRoarJoneid Awaiting requested review from BjornRoarJoneid BjornRoarJoneid is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

ci Continuous Integration dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants