Bump the all-actions group with 31 updates by dependabot[bot] · Pull Request #4643 · zenml-io/zenml

dependabot · 2026-03-24T06:16:35Z

Bumps the all-actions group with 31 updates:

Package	From	To
actions/checkout	`1.2.0`	`6.0.2`
actions/setup-python	`2.3.4`	`6.2.0`
astral-sh/setup-uv	`6.8.0`	`7.6.0`
peter-evans/find-comment	`2.4.0`	`4.0.0`
peter-evans/create-or-update-comment	`2.1.1`	`5.0.0`
crate-ci/typos	`1.17.0`	`1.44.0`
actions/github-script	`7.0.1`	`8.0.0`
docker/login-action	`3.6.0`	`4.0.0`
gaurav-nelson/github-action-markdown-link-check	`1.0.15`	`1.0.17`
anthropics/claude-code-action	`1.0.30`	`1.0.77`
github/codeql-action	`3.31.10`	`4.34.1`
calibreapp/image-actions	`1.1.0`	`1.4.1`
actions/cache	`4.3.0`	`5.0.4`
aws-actions/configure-aws-credentials	`1.7.0`	`6.0.0`
google-github-actions/auth	`2.1.13`	`3.0.0`
google-github-actions/setup-gcloud	`0.7.0`	`3.0.1`
google-github-actions/get-gke-credentials	`2.3.5`	`3.0.0`
mxschmitt/action-tmate	`3.17`	`3.23`
peter-evans/repository-dispatch	`3.0.0`	`4.0.1`
actions/upload-artifact	`4.6.2`	`7.0.0`
JulienKode/team-labeler-action	`1.1.0`	`2.0.2`
TimonVS/pr-labeler-action	`4.1.1`	`5.0.0`
actions/setup-node	`4.0.1`	`6.3.0`
aws-actions/amazon-ecr-login	`2.0.1`	`2.1.0`
azure/setup-helm	`3.5`	`5`
snok/install-poetry	`1.3.4`	`1.4.1`
tschm/token-mint-action	`1.0.2`	`1.0.3`
mheap/github-action-required-labels	`5.5.1`	`5.5.2`
actions/stale	`10.1.1`	`10.2.0`
aquasecurity/trivy-action	`0.19.0`	`0.35.0`
actions/download-artifact	`4.3.0`	`8.0.1`

Updates actions/checkout from 1.2.0 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates actions/setup-python from 2.3.4 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Upgrade dependencies to Node 24 compatible versions by @salmanmkc in actions/setup-python#1259

Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

Add support for pip-install input by @gowridurgad in actions/setup-python#1201

Add graalpy early-access and windows builds by @timfel in actions/setup-python#880

Dependency and Documentation updates:

Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in actions/setup-python#979

Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in actions/setup-python#1139

Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in actions/setup-python#1094

Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in actions/setup-python#1199

Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in actions/setup-python#1130

Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in actions/setup-python#1234

Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in actions/setup-python#1235

New Contributors

@yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Updates astral-sh/setup-uv from 6.8.0 to 7.6.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

We now default to download uv from releases.astral.sh. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

Fetch uv from Astral's mirror by default @zsol (#809)

🧰 Maintenance

Switch to ESM for source and test, use CommonJS for dist @eifinger (#806)

chore: update known checksums for 0.10.10 @github-actions[bot] (#804)

⬆️ Dependency updates

chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 @dependabot[bot] (#808)

Bump deps @eifinger (#805)

v7.5.0 🌈 Use astral-sh/versions as version provider

No more rate-limits

This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.

Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.

The manifest-file input was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest. However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.

This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:

https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson

By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.

[!TIP] The next section is only interesting for users of the manifest-file input

The manifest-file input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.

The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:
{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}

... (truncated)

Commits

37802ad Fetch uv from Astral's mirror by default (#809)
9f00d18 chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#808)
fd8f376 Switch to ESM for source and test, use CommonJS for dist (#806)
f9070de Bump deps (#805)
cadb67b chore: update known checksums for 0.10.10 (#804)
e06108d Use astral-sh/versions as primary version provider (#802)
0f6ec07 docs: replace copilot instructions with AGENTS.md (#794)
821e5c9 docs: add cross-client dependabot rollup skill (#793)
6ee6290 chore(deps): bump versions (#792)
9f332a1 Add riscv64 architecture support to platform detection (#791)
Additional commits viewable in compare view

Updates peter-evans/find-comment from 2.4.0 to 4.0.0

Release notes

Sourced from peter-evans/find-comment's releases.

Find Comment v4.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

build(deps-dev): bump @types/node from 18.19.28 to 18.19.30 by @dependabot[bot] in peter-evans/find-comment#301

build(deps-dev): bump @types/node from 18.19.30 to 18.19.31 by @dependabot[bot] in peter-evans/find-comment#302

build(deps-dev): bump @types/node from 18.19.31 to 18.19.33 by @dependabot[bot] in peter-evans/find-comment#303

build(deps-dev): bump prettier from 3.2.5 to 3.3.0 by @dependabot[bot] in peter-evans/find-comment#304

build(deps-dev): bump prettier from 3.3.0 to 3.3.1 by @dependabot[bot] in peter-evans/find-comment#305

build(deps-dev): bump @types/node from 18.19.33 to 18.19.34 by @dependabot[bot] in peter-evans/find-comment#306

build(deps-dev): bump prettier from 3.3.1 to 3.3.2 by @dependabot[bot] in peter-evans/find-comment#307

build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot[bot] in peter-evans/find-comment#308

build(deps-dev): bump ws from 7.5.9 to 7.5.10 by @dependabot[bot] in peter-evans/find-comment#309

build(deps-dev): bump @types/node from 18.19.34 to 18.19.39 by @dependabot[bot] in peter-evans/find-comment#310

build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @dependabot[bot] in peter-evans/find-comment#311

build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @dependabot[bot] in peter-evans/find-comment#312

build(deps-dev): bump @types/node from 18.19.39 to 18.19.41 by @dependabot[bot] in peter-evans/find-comment#313

build(deps-dev): bump @types/node from 18.19.41 to 18.19.42 by @dependabot[bot] in peter-evans/find-comment#314

build(deps-dev): bump @types/node from 18.19.42 to 18.19.43 by @dependabot[bot] in peter-evans/find-comment#315

build(deps-dev): bump @types/node from 18.19.43 to 18.19.44 by @dependabot[bot] in peter-evans/find-comment#316

build(deps-dev): bump @types/node from 18.19.44 to 18.19.45 by @dependabot[bot] in peter-evans/find-comment#317

build(deps-dev): bump @types/node from 18.19.45 to 18.19.47 by @dependabot[bot] in peter-evans/find-comment#318

build(deps): bump peter-evans/create-pull-request from 6 to 7 by @dependabot[bot] in peter-evans/find-comment#319

build(deps-dev): bump @types/node from 18.19.47 to 18.19.50 by @dependabot[bot] in peter-evans/find-comment#320

build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by @dependabot[bot] in peter-evans/find-comment#321

build(deps-dev): bump @vercel/ncc from 0.38.1 to 0.38.2 by @dependabot[bot] in peter-evans/find-comment#322

build(deps-dev): bump @types/node from 18.19.50 to 18.19.54 by @dependabot[bot] in peter-evans/find-comment#323

Update distribution by @actions-bot in peter-evans/find-comment#324

build(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in peter-evans/find-comment#325

Update distribution by @actions-bot in peter-evans/find-comment#326

build(deps-dev): bump @types/node from 18.19.54 to 18.19.55 by @dependabot[bot] in peter-evans/find-comment#327

build(deps-dev): bump @types/node from 18.19.55 to 18.19.57 by @dependabot[bot] in peter-evans/find-comment#328

build(deps-dev): bump @types/node from 18.19.57 to 18.19.59 by @dependabot[bot] in peter-evans/find-comment#329

build(deps-dev): bump @types/node from 18.19.59 to 18.19.63 by @dependabot[bot] in peter-evans/find-comment#330

build(deps-dev): bump @types/node from 18.19.63 to 18.19.64 by @dependabot[bot] in peter-evans/find-comment#331

build(deps-dev): bump @vercel/ncc from 0.38.2 to 0.38.3 by @dependabot[bot] in peter-evans/find-comment#332

build(deps-dev): bump @types/node from 18.19.64 to 18.19.65 by @dependabot[bot] in peter-evans/find-comment#333

build(deps-dev): bump @types/node from 18.19.65 to 18.19.67 by @dependabot[bot] in peter-evans/find-comment#334

build(deps-dev): bump prettier from 3.3.3 to 3.4.1 by @dependabot[bot] in peter-evans/find-comment#335

build(deps-dev): bump prettier from 3.4.1 to 3.4.2 by @dependabot[bot] in peter-evans/find-comment#336

build(deps-dev): bump @types/node from 18.19.67 to 18.19.68 by @dependabot[bot] in peter-evans/find-comment#337

build(deps-dev): bump @types/node from 18.19.68 to 18.19.69 by @dependabot[bot] in peter-evans/find-comment#338

build(deps-dev): bump @types/node from 18.19.69 to 18.19.70 by @dependabot[bot] in peter-evans/find-comment#339

build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by @dependabot[bot] in peter-evans/find-comment#340

build(deps-dev): bump @types/node from 18.19.70 to 18.19.71 by @dependabot[bot] in peter-evans/find-comment#341

build(deps-dev): bump @types/node from 18.19.71 to 18.19.74 by @dependabot[bot] in peter-evans/find-comment#342

build(deps-dev): bump @types/node from 18.19.74 to 18.19.75 by @dependabot[bot] in peter-evans/find-comment#343

build(deps-dev): bump prettier from 3.4.2 to 3.5.1 by @dependabot[bot] in peter-evans/find-comment#344

build(deps-dev): bump @types/node from 18.19.75 to 18.19.76 by @dependabot[bot] in peter-evans/find-comment#345

build(deps): bump @octokit/request-error and @actions/github by @dependabot[bot] in peter-evans/find-comment#346

... (truncated)

Commits

b30e6a3 feat: v4 (#389)
b4929e7 build(deps-dev): bump @types/node from 18.19.124 to 18.19.127 (#388)
1f47d94 build(deps-dev): bump @vercel/ncc from 0.38.3 to 0.38.4 (#387)
a723a15 build(deps): bump actions/setup-node from 4 to 5 (#386)
8bacb1b build(deps-dev): bump @types/node from 18.19.123 to 18.19.124 (#385)
048de65 build(deps): bump actions/checkout from 4 to 5 (#384)
c02750f build(deps-dev): bump @types/node from 18.19.122 to 18.19.123 (#383)
092c582 build(deps): bump actions/download-artifact from 4 to 5 (#382)
c115bb0 build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#381)
8d3be5d build(deps-dev): bump @types/node from 18.19.121 to 18.19.122 (#380)
Additional commits viewable in compare view

Updates peter-evans/create-or-update-comment from 2.1.1 to 5.0.0

Release notes

Sourced from peter-evans/create-or-update-comment's releases.

Create or Update Comment v5.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

build(deps): bump peter-evans/create-or-update-comment from 3 to 4 by @dependabot[bot] in peter-evans/create-or-update-comment#307

build(deps-dev): bump @types/node from 18.19.8 to 18.19.11 by @dependabot[bot] in peter-evans/create-or-update-comment#308

build(deps): bump peter-evans/slash-command-dispatch from 3 to 4 by @dependabot[bot] in peter-evans/create-or-update-comment#310

build(deps): bump peter-evans/create-pull-request from 5 to 6 by @dependabot[bot] in peter-evans/create-or-update-comment#309

build(deps-dev): bump @types/node from 18.19.11 to 18.19.14 by @dependabot[bot] in peter-evans/create-or-update-comment#311

build(deps-dev): bump prettier from 3.2.4 to 3.2.5 by @dependabot[bot] in peter-evans/create-or-update-comment#312

build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.8.0 by @dependabot[bot] in peter-evans/create-or-update-comment#313

build(deps-dev): bump @types/node from 18.19.14 to 18.19.15 by @dependabot[bot] in peter-evans/create-or-update-comment#314

build(deps-dev): bump @types/node from 18.19.15 to 18.19.17 by @dependabot[bot] in peter-evans/create-or-update-comment#315

build(deps-dev): bump eslint-plugin-jest from 27.8.0 to 27.9.0 by @dependabot[bot] in peter-evans/create-or-update-comment#316

build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @dependabot[bot] in peter-evans/create-or-update-comment#318

build(deps-dev): bump @types/node from 18.19.17 to 18.19.19 by @dependabot[bot] in peter-evans/create-or-update-comment#319

build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 by @dependabot[bot] in peter-evans/create-or-update-comment#320

build(deps-dev): bump @types/node from 18.19.19 to 18.19.21 by @dependabot[bot] in peter-evans/create-or-update-comment#321

build(deps-dev): bump @types/node from 18.19.21 to 18.19.23 by @dependabot[bot] in peter-evans/create-or-update-comment#322

build(deps-dev): bump @types/node from 18.19.23 to 18.19.26 by @dependabot[bot] in peter-evans/create-or-update-comment#325

build(deps-dev): bump @types/node from 18.19.26 to 18.19.29 by @dependabot[bot] in peter-evans/create-or-update-comment#326

build(deps-dev): bump @types/node from 18.19.29 to 18.19.31 by @dependabot[bot] in peter-evans/create-or-update-comment#327

build(deps): bump chuhlomin/render-template from 1.9 to 1.10 by @dependabot[bot] in peter-evans/create-or-update-comment#328

build(deps-dev): bump @types/node from 18.19.31 to 18.19.32 by @dependabot[bot] in peter-evans/create-or-update-comment#329

build(deps-dev): bump @types/node from 18.19.32 to 18.19.33 by @dependabot[bot] in peter-evans/create-or-update-comment#330

build(deps-dev): bump prettier from 3.2.5 to 3.3.0 by @dependabot[bot] in peter-evans/create-or-update-comment#332

build(deps-dev): bump @types/node from 18.19.33 to 18.19.34 by @dependabot[bot] in peter-evans/create-or-update-comment#333

build(deps-dev): bump prettier from 3.3.0 to 3.3.2 by @dependabot[bot] in peter-evans/create-or-update-comment#334

build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot[bot] in peter-evans/create-or-update-comment#335

build(deps-dev): bump ws from 7.5.9 to 7.5.10 by @dependabot[bot] in peter-evans/create-or-update-comment#336

build(deps-dev): bump @types/node from 18.19.34 to 18.19.36 by @dependabot[bot] in peter-evans/create-or-update-comment#337

build(deps-dev): bump @types/node from 18.19.36 to 18.19.39 by @dependabot[bot] in peter-evans/create-or-update-comment#338

build(deps-dev): bump @types/node from 18.19.39 to 18.19.40 by @dependabot[bot] in peter-evans/create-or-update-comment#340

build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @dependabot[bot] in peter-evans/create-or-update-comment#339

build(deps-dev): bump @types/node from 18.19.40 to 18.19.42 by @dependabot[bot] in peter-evans/create-or-update-comment#342

build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @dependabot[bot] in peter-evans/create-or-update-comment#343

build(deps-dev): bump @types/node from 18.19.42 to 18.19.43 by @dependabot[bot] in peter-evans/create-or-update-comment#345

build(deps-dev): bump @types/node from 18.19.43 to 18.19.44 by @dependabot[bot] in peter-evans/create-or-update-comment#347

build(deps-dev): bump @types/node from 18.19.44 to 18.19.45 by @dependabot[bot] in peter-evans/create-or-update-comment#348

build(deps-dev): bump @types/node from 18.19.45 to 18.19.47 by @dependabot[bot] in peter-evans/create-or-update-comment#349

build(deps-dev): bump @types/node from 18.19.47 to 18.19.49 by @dependabot[bot] in peter-evans/create-or-update-comment#350

build(deps): bump peter-evans/create-pull-request from 6 to 7 by @dependabot[bot] in peter-evans/create-or-update-comment#351

build(deps-dev): bump @types/node from 18.19.49 to 18.19.50 by @dependabot[bot] in peter-evans/create-or-update-comment#352

build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by @dependabot[bot] in peter-evans/create-or-update-comment#353

build(deps-dev): bump @vercel/ncc from 0.38.1 to 0.38.2 by @dependabot[bot] in peter-evans/create-or-update-comment#354

build(deps-dev): bump @types/node from 18.19.50 to 18.19.51 by @dependabot[bot] in peter-evans/create-or-update-comment#355

Update distribution by @actions-bot in peter-evans/create-or-update-comment#356

build(deps-dev): bump @types/node from 18.19.51 to 18.19.54 by @dependabot[bot] in peter-evans/create-or-update-comment#357

build(deps-dev): bump @types/node from 18.19.54 to 18.19.55 by @dependabot[bot] in peter-evans/create-or-update-comment#359

build(deps): bump @actions/core from 1.10.1 to 1.11.1 by @dependabot[bot] in peter-evans/create-or-update-comment#360

... (truncated)

Commits

e8674b0 feat: v5 (#439)
fffe59e build(deps-dev): bump @types/node from 18.19.127 to 18.19.129 (#438)
076d572 build(deps-dev): bump @types/node from 18.19.126 to 18.19.127 (#437)
86a2645 build(deps-dev): bump @vercel/ncc from 0.38.3 to 0.38.4 (#436)
be17e0c build(deps-dev): bump @types/node from 18.19.124 to 18.19.126 (#435)
ef75eae build(deps-dev): bump @types/node from 18.19.123 to 18.19.124 (#433)
82a7ad0 build(deps): bump actions/setup-node from 4 to 5 (#432)

Bumps the all-actions group with 31 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `1.2.0` | `6.0.2` | | [actions/setup-python](https://github.com/actions/setup-python) | `2.3.4` | `6.2.0` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6.8.0` | `7.6.0` | | [peter-evans/find-comment](https://github.com/peter-evans/find-comment) | `2.4.0` | `4.0.0` | | [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `2.1.1` | `5.0.0` | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.17.0` | `1.44.0` | | [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `8.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.6.0` | `4.0.0` | | [gaurav-nelson/github-action-markdown-link-check](https://github.com/gaurav-nelson/github-action-markdown-link-check) | `1.0.15` | `1.0.17` | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.30` | `1.0.77` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.31.10` | `4.34.1` | | [calibreapp/image-actions](https://github.com/calibreapp/image-actions) | `1.1.0` | `1.4.1` | | [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.4` | | [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `1.7.0` | `6.0.0` | | [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.13` | `3.0.0` | | [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) | `0.7.0` | `3.0.1` | | [google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials) | `2.3.5` | `3.0.0` | | [mxschmitt/action-tmate](https://github.com/mxschmitt/action-tmate) | `3.17` | `3.23` | | [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.0` | | [JulienKode/team-labeler-action](https://github.com/julienkode/team-labeler-action) | `1.1.0` | `2.0.2` | | [TimonVS/pr-labeler-action](https://github.com/timonvs/pr-labeler-action) | `4.1.1` | `5.0.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `4.0.1` | `6.3.0` | | [aws-actions/amazon-ecr-login](https://github.com/aws-actions/amazon-ecr-login) | `2.0.1` | `2.1.0` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `3.5` | `5` | | [snok/install-poetry](https://github.com/snok/install-poetry) | `1.3.4` | `1.4.1` | | [tschm/token-mint-action](https://github.com/tschm/token-mint-action) | `1.0.2` | `1.0.3` | | [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels) | `5.5.1` | `5.5.2` | | [actions/stale](https://github.com/actions/stale) | `10.1.1` | `10.2.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.19.0` | `0.35.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | Updates `actions/checkout` from 1.2.0 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v1.2.0...de0fac2) Updates `actions/setup-python` from 2.3.4 to 6.2.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v2.3.4...a309ff8) Updates `astral-sh/setup-uv` from 6.8.0 to 7.6.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@d0cc045...37802ad) Updates `peter-evans/find-comment` from 2.4.0 to 4.0.0 - [Release notes](https://github.com/peter-evans/find-comment/releases) - [Commits](peter-evans/find-comment@v2.4.0...b30e6a3) Updates `peter-evans/create-or-update-comment` from 2.1.1 to 5.0.0 - [Release notes](https://github.com/peter-evans/create-or-update-comment/releases) - [Commits](peter-evans/create-or-update-comment@v2.1.1...e8674b0) Updates `crate-ci/typos` from 1.17.0 to 1.44.0 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@v1.17.0...631208b) Updates `actions/github-script` from 7.0.1 to 8.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@v7.0.1...ed59741) Updates `docker/login-action` from 3.6.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@5e57cd1...b45d80f) Updates `gaurav-nelson/github-action-markdown-link-check` from 1.0.15 to 1.0.17 - [Release notes](https://github.com/gaurav-nelson/github-action-markdown-link-check/releases) - [Commits](gaurav-nelson/github-action-markdown-link-check@d53a906...3c3b66f) Updates `anthropics/claude-code-action` from 1.0.30 to 1.0.77 - [Release notes](https://github.com/anthropics/claude-code-action/releases) - [Commits](anthropics/claude-code-action@a017b83...ff9acae) Updates `github/codeql-action` from 3.31.10 to 4.34.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4bdb89f...3869755) Updates `calibreapp/image-actions` from 1.1.0 to 1.4.1 - [Release notes](https://github.com/calibreapp/image-actions/releases) - [Commits](calibreapp/image-actions@737ceea...f325757) Updates `actions/cache` from 4.3.0 to 5.0.4 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@0057852...6682284) Updates `aws-actions/configure-aws-credentials` from 1.7.0 to 6.0.0 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@v1.7.0...8df5847) Updates `google-github-actions/auth` from 2.1.13 to 3.0.0 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@c200f36...7c6bc77) Updates `google-github-actions/setup-gcloud` from 0.7.0 to 3.0.1 - [Release notes](https://github.com/google-github-actions/setup-gcloud/releases) - [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md) - [Commits](google-github-actions/setup-gcloud@v0.7.0...aa5489c) Updates `google-github-actions/get-gke-credentials` from 2.3.5 to 3.0.0 - [Release notes](https://github.com/google-github-actions/get-gke-credentials/releases) - [Changelog](https://github.com/google-github-actions/get-gke-credentials/blob/main/CHANGELOG.md) - [Commits](google-github-actions/get-gke-credentials@64bc724...3da1e46) Updates `mxschmitt/action-tmate` from 3.17 to 3.23 - [Release notes](https://github.com/mxschmitt/action-tmate/releases) - [Changelog](https://github.com/mxschmitt/action-tmate/blob/master/RELEASE.md) - [Commits](mxschmitt/action-tmate@a283f94...c0afd6f) Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.1 - [Release notes](https://github.com/peter-evans/repository-dispatch/releases) - [Commits](peter-evans/repository-dispatch@ff45666...28959ce) Updates `actions/upload-artifact` from 4.6.2 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...bbbca2d) Updates `JulienKode/team-labeler-action` from 1.1.0 to 2.0.2 - [Release notes](https://github.com/julienkode/team-labeler-action/releases) - [Commits](JulienKode/team-labeler-action@a205b24...edc2a1d) Updates `TimonVS/pr-labeler-action` from 4.1.1 to 5.0.0 - [Release notes](https://github.com/timonvs/pr-labeler-action/releases) - [Commits](TimonVS/pr-labeler-action@8b99f40...f9c0843) Updates `actions/setup-node` from 4.0.1 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@b39b52d...53b8394) Updates `aws-actions/amazon-ecr-login` from 2.0.1 to 2.1.0 - [Release notes](https://github.com/aws-actions/amazon-ecr-login/releases) - [Changelog](https://github.com/aws-actions/amazon-ecr-login/blob/main/CHANGELOG.md) - [Commits](aws-actions/amazon-ecr-login@062b18b...261fc3d) Updates `azure/setup-helm` from 3.5 to 5 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](Azure/setup-helm@5119fcb...dda3372) Updates `snok/install-poetry` from 1.3.4 to 1.4.1 - [Release notes](https://github.com/snok/install-poetry/releases) - [Commits](snok/install-poetry@93ada01...76e04a9) Updates `tschm/token-mint-action` from 1.0.2 to 1.0.3 - [Release notes](https://github.com/tschm/token-mint-action/releases) - [Commits](tschm/token-mint-action@20ae438...eef668a) Updates `mheap/github-action-required-labels` from 5.5.1 to 5.5.2 - [Release notes](https://github.com/mheap/github-action-required-labels/releases) - [Commits](mheap/github-action-required-labels@8afbe8a...0ac283b) Updates `actions/stale` from 10.1.1 to 10.2.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@9971854...b5d41d4) Updates `aquasecurity/trivy-action` from 0.19.0 to 0.35.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@d710430...57a97c7) Updates `actions/download-artifact` from 4.3.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@d3f86a1...3e5f45b) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: astral-sh/setup-uv dependency-version: 7.6.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: peter-evans/find-comment dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: peter-evans/create-or-update-comment dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: crate-ci/typos dependency-version: 1.44.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/github-script dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: gaurav-nelson/github-action-markdown-link-check dependency-version: 1.0.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: anthropics/claude-code-action dependency-version: 1.0.77 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: github/codeql-action dependency-version: 4.34.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: calibreapp/image-actions dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: google-github-actions/auth dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: google-github-actions/setup-gcloud dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: google-github-actions/get-gke-credentials dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: mxschmitt/action-tmate dependency-version: '3.23' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: peter-evans/repository-dispatch dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: JulienKode/team-labeler-action dependency-version: 2.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: TimonVS/pr-labeler-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: aws-actions/amazon-ecr-login dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: snok/install-poetry dependency-version: 1.4.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: tschm/token-mint-action dependency-version: 1.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: mheap/github-action-required-labels dependency-version: 5.5.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: actions/stale dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.35.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com>

CLAassistant · 2026-03-24T06:16:49Z

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

socket-security · 2026-03-24T06:19:25Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	urllib3@2.5.0
	setuptools@82.0.1
	sagemaker@2.257.1
	zenml@0.94.1
	python-terraform@0.10.1
	pyment@0.3.3
	pyjwt@2.7.0
	pydantic-ai@1.70.0
	strands-agents-tools@0.2.23
	scikit-learn@1.5.0
	scikit-learn@1.8.0
	pytest@8.0.0rc2
	psutil@7.2.2
	scikit-learn@1.6.0rc1
	qwen-agent@0.0.31
	semantic-kernel@1.41.0
	sqlalchemy@2.0.48
	tox@4.50.3
	uvicorn@0.42.0
	tldextract@5.1.3
	pyyaml-include@2.0b2
	rich@14.3.3
	seaborn@0.13.2
	python-dateutil@2.9.0.post0
	yamlfix@1.19.1
	pytest-rerunfailures@13.0
	sqlalchemy-utils@0.42.1
	types-certifi@2021.10.8.3
	s3fs@2026.2.0
	requests@2.32.5
	uv-build@0.8.24
	typing-extensions@4.15.0
	pytest-instafail@0.5.0
See 33 more rows in the dashboard

View full report

dependabot bot added dependencies Pull requests that update a dependency file internal To filter out internal PRs and issues no-release-notes Release notes will NOT be attached and used publicly for this PR. labels Mar 24, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the all-actions group with 31 updates#4643

Bump the all-actions group with 31 updates#4643
dependabot[bot] wants to merge 1 commit intodevelopfrom
dependabot/github_actions/develop/all-actions-18abc96693

dependabot bot commented on behalf of github Mar 24, 2026

Uh oh!

CLAassistant commented Mar 24, 2026

Uh oh!

socket-security bot commented Mar 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 24, 2026

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v6.2.0

What's Changed

Dependency Upgrades

v6.1.0

What's Changed

Enhancements:

Dependency and Documentation updates:

New Contributors

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

🚀 Enhancements

🧰 Maintenance

⬆️ Dependency updates

v7.5.0 🌈 Use astral-sh/versions as version provider

No more rate-limits

Find Comment v4.0.0

What's Changed

Create or Update Comment v5.0.0

What's Changed

Uh oh!

CLAassistant commented Mar 24, 2026

Uh oh!

socket-security bot commented Mar 24, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

v7.5.0 🌈 Use `astral-sh/versions` as version provider