Bump the actions-dependencies group across 1 directory with 11 updates by dependabot[bot] · Pull Request #270 · Capstone-Projects-2025-Spring/aac-go-fish

dependabot · 2025-10-27T09:16:04Z

Bumps the actions-dependencies group with 11 updates in the / directory:

Package	From	To
actions/checkout	`4`	`5`
astral-sh/setup-uv	`6.0.1`	`7.1.2`
actions/cache	`4.2.3`	`4.3.0`
actions/upload-artifact	`4.6.2`	`5.0.0`
actions/download-artifact	`4.3.0`	`6.0.0`
sigstore/cosign-installer	`3.8.2`	`4.0.0`
docker/setup-buildx-action	`3.10.0`	`3.11.1`
docker/login-action	`3.4.0`	`3.6.0`
docker/metadata-action	`5.7.0`	`5.8.0`
docker/build-push-action	`6.16.0`	`6.18.0`
actions/setup-python	`5.6.0`	`6.0.0`

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237

New Contributors

@motss made their first contribution in actions/checkout#1971

@mouismail made their first contribution in actions/checkout#1977

@benwells made their first contribution in actions/checkout#2043

@nebuk89 made their first contribution in actions/checkout#2194

@salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Commits

08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
See full diff in compare view

Updates astral-sh/setup-uv from 6.0.1 to 7.1.2

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.1.2 🌈 Speed up extraction on Windows

Changes

@lazka fixed a bug that caused extracting uv to take up to 30s. Thank you!

🐛 Bug fixes

Use tar for extracting the uv zip file on Windows too @lazka (#660)

🧰 Maintenance

chore: update known checksums for 0.9.5 @github-actions[bot] (#663)

⬆️ Dependency updates

Bump dependencies @eifinger (#664)

Bump github/codeql-action from 4.30.8 to 4.30.9 @dependabot[bot] (#652)

v7.1.1 🌈 Fix empty workdir detection and lowest resolution strategy

Changes

This release fixes a bug where the working-directory input was not used to detect an empty work dir. It also fixes the lowest resolution strategy resolving to latest when only a lower bound was specified.

Special thanks to @tpgillam for the first contribution!

🐛 Bug fixes

Fix "lowest" resolution strategy with lower-bound only @tpgillam (#649)

Use working-directory to detect empty workdir @eifinger (#645)

🧰 Maintenance

chore: update known checksums for 0.9.4 @github-actions[bot] (#651)

chore: update known checksums for 0.9.3 @github-actions[bot] (#644)

📚 Documentation

Change version in docs to v7 @eifinger (#647)

⬆️ Dependency updates

Bump github/codeql-action from 4.30.7 to 4.30.8 @dependabot[bot] (#639)

Bump actions/setup-node from 5.0.0 to 6.0.0 @dependabot[bot] (#641)

Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 @dependabot[bot] (#634)

Update lockfile with latest npm @eifinger (#636)

v7.1.0 🌈 Support all the use cases

Changes

Support all the use cases!!!

... (truncated)

Commits

8585678 Bump dependencies (#664)
22d500a Bump github/codeql-action from 4.30.8 to 4.30.9 (#652)
14d5571 chore: update known checksums for 0.9.5 (#663)
29cd235 Use tar for extracting the uv zip file on Windows too (#660)
2ddd2b9 chore: update known checksums for 0.9.4 (#651)
b7bf789 Fix "lowest" resolution strategy with lower-bound only (#649)
cb6c0a5 Change version in docs to v7 (#647)
dffc629 Use working-directory to detect empty workdir (#645)
6e346e1 chore: update known checksums for 0.9.3 (#644)
3ccd0fd Bump github/codeql-action from 4.30.7 to 4.30.8 (#639)
Additional commits viewable in compare view

Updates actions/cache from 4.2.3 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

Add note on runner versions by @GhadimiR in actions/cache#1642

Prepare v4.3.0 release by @Link- in actions/cache#1655

New Contributors

@GhadimiR made their first contribution in actions/cache#1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

Update README.md by @nebuk89 in actions/cache#1620

Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @Link- in actions/cache#1634

Prepare release 4.2.4 by @Link- in actions/cache#1636

New Contributors

@nebuk89 made their first contribution in actions/cache#1620

Full Changelog: actions/cache@v4...v4.2.4

Changelog

Sourced from actions/cache's changelog.

Releases

4.3.0

Bump @actions/cache to v4.1.0

4.2.4

Bump @actions/cache to v4.0.5

4.2.3

Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

... (truncated)

Commits

0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
4f5ea67 Update licensed cache
9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
3862dcc Add note on runner versions
0400d5f Merge pull request #1636 from actions/Link-/release-4.2.4
374a27f Prepare release 4.2.4
358a730 Merge pull request #1634 from actions/Link-/optimise-deps
2ee706e Fix with another approach
94f7b5d Fix bundle exec
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 5.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

New Contributors

@GhadimiR made their first contribution in actions/upload-artifact#681

@nebuk89 made their first contribution in actions/upload-artifact#712

@danwkennedy made their first contribution in actions/upload-artifact#727

@patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits

330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
03f2824 Update github.dep.yml
905a1ec Prepare v5.0.0
2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
9687587 Merge branch 'main' into patch-1
2848b2c Merge pull request #727 from danwkennedy/patch-1
9b51177 Spell out the first use of GHES
cd231ca Update GHES guidance to include reference to Node 20 version
de65e23 Merge pull request #712 from actions/nebuk89-patch-1
8747d8c Update README.md
Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 6.0.0

Release notes

Sourced from actions/download-artifact's releases.

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README for download-artifact v5 changes by @yacaovsnc in actions/download-artifact#417

Update README with artifact extraction details by @yacaovsnc in actions/download-artifact#424

Readme: spell out the first use of GHES by @danwkennedy in actions/download-artifact#431

Bump @actions/artifact to v4.0.0

Prepare v6.0.0 by @danwkennedy in actions/download-artifact#438

New Contributors

@danwkennedy made their first contribution in actions/download-artifact#431

Full Changelog: actions/download-artifact@v5...v6.0.0

v5.0.0

What's Changed

Update README.md by @nebuk89 in actions/download-artifact#407

BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @GrantBirki in actions/download-artifact#416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

By name: name: my-artifact → extracted to path/ (direct)

By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

By name: name: my-artifact → extracted to path/ (unchanged)

By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

You download artifacts by name

You download multiple artifacts by ID

You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

... (truncated)

Commits

018cc2c Merge pull request #438 from actions/danwkennedy/prepare-6.0.0
815651c Revert "Remove github.dep.yml"
bb3a066 Remove github.dep.yml
fa1ce46 Prepare v6.0.0
4a24838 Merge pull request #431 from danwkennedy/patch-1
5e3251c Readme: spell out the first use of GHES
abefc31 Merge pull request #424 from actions/yacaovsnc/update_readme
ac43a60 Update README with artifact extraction details
de96f46 Merge pull request #417 from actions/yacaovsnc/update_readme
7993cb4 Remove migration guide for artifact download changes
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 3.8.2 to 4.0.0

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.0.0

What's Changed?

Note: You must upgrade to cosign-installer v4 if you want to install Cosign v3+. You may still install Cosign v2.x with cosign-installer v4.

In version v3+, using cosign sign-blob requires adding the --bundle flag which may require you to update your signing command.

Add support for Cosign v3 releases (#201)

v3.10.1

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

Bump default Cosign to v2.6.1 (#203)

v3.10.0

What's Changed

Bump default Cosign to v2.6.0 in sigstore/cosign-installer#200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

What's Changed

not fail fast and setup permissions in sigstore/cosign-installer#195

drop old unsupported versions <v2.0.0 in sigstore/cosign-installer#192

Update default to v2.5.3 in sigstore/cosign-installer#196

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

v3.9.1

What's Changed

default action install to use release v2.5.1 by @cpanato in sigstore/cosign-installer#193

default cosign to v2.5.2 by @cpanato in sigstore/cosign-installer#194

Full Changelog: sigstore/cosign-installer@v3.9.0...v3.9.1

v3.9.0

What's Changed

Bump actions/setup-go from 5.4.0 to 5.5.0 by @dependabot in sigstore/cosign-installer#189

bump cosign install to use release v2.5.0 as default by @cpanato in sigstore/cosign-installer#191

Full Changelog: sigstore/cosign-installer@v3...v3.9.0

Commits

faadad0 add support for cosign v3 releases (#201)
d7543c9 Bump default Cosign to v2.6.0 (#200)
920f20f Bump actions/setup-go from 5.5.0 to 6.0.0 (#199)
bb9dfc1 Bump actions/github-script from 7.0.1 to 8.0.0 (#198)
074636b Bump actions/checkout from 4.2.2 to 5.0.0 (#197)
d58896d Update default to v2.5.3 (#196)
e40248c drop old unsupported versions <v2.0.0 (#192)
d9374b9 not fail fast and setup permissions (#195)
398d4b0 default cosign to v2.5.2 (#194)
84f54a2 default action install to use release v2.5.1 (#193)
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.10.0 to 3.11.1

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

Commits

e468171 Merge pull request #429 from crazy-max/fix-keep-state
a3e7502 chore: update generated content
b145473 fix keep-state not being respected
18ce135 Merge pull request #425 from docker/dependabot/npm_and_yarn/docker/actions-to...
0e198e9 chore: update generated content
05f3f3a build(deps): bump @docker/actions-toolkit from 0.61.0 to 0.62.1
6229134 Merge pull request #427 from crazy-max/keep-state
c6f6a07 chore: update generated content
6c5e29d skip builder creation if one already exists with the same name
548b297 ci: keep-state check
Additional commits viewable in compare view

Updates docker/login-action from 3.4.0 to 3.6.0

Release notes

Sourced from docker/login-action's releases.

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

Commits

5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
97e3143 chore: update generated content
3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
abc9fb3 chore: update generated content
d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
0d7fae8 chore: update generated content
9832253 build(deps): bump @docker/actions-toolkit from 0.62.1 to 0.63.0
09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
Additional commits viewable in compare view

Updates docker/metadata-action from 5.7.0 to 5.8.0

Release notes

Sourced from docker/metadata-action's releases.

v5.8.0

New is_not_default_branch global expression by @crazy-max in docker/metadata-action#535

Allow to match part of the git tag or value for semver/pep440 types by @crazy-max in docker/metadata-action#536 docker/metadata-action#537

Bump @actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526

Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533

Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525

Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

Commits

c1e5197 Merge pull request #537 from crazy-max/pep440-match
89dd65a chore: update generated content
699ee45 allow to match part of the git tag or value for pep440 type
e0542a6 Merge pull request #536 from crazy-max/semver-match
b7facdf chore: update generated content
81c60df allow to match part of the git tag or value for semver type
de11195 Merge pull request #535 from crazy-max/not_def_branch
2f9c64b Merge pull request #533 from docker/dependabot/npm_and_yarn/form-data-2.5.5
510f746 chore: update generated content
2bc3f4e is_not_default_branch global expression
Additional commits viewable in compare view

Updates docker/build-push-action from 6.16.0 to 6.18.0

Release notes

Sourced from docker/build-push-action's releases.

v6.18.0

Bump @docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Bump @docker/actions-toolkit from 0.59.0 to 0.61.0 by @crazy-max in docker/build-push-action#1364

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

Commits

2634353 Merge pull request #1381 from docker/dependabot/npm_and_yarn/docker/actions-t...
c0432d2 chore: update generated content
0bb1f27 set builder driver and endpoint attributes for dbc summary support
5f9dbf9 chore(deps): Bump @docker/actions-toolkit from 0.61.0 to 0.62.1
0788c44 Merge pull request #1375 from crazy-max/remove-gcr
aa179ca e2e: remove GCR
1dc7386 Merge pull request #1364 from crazy-max/history-export-cmd
9c9803f chore: update generated content
db1f6c4 DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export
721e8c7 Bump @docker/actions-toolkit from 0.59.0 to 0.61.0
See full diff in compare view

Updates actions/setup-python from 5.6.0 to 6.0.0

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

Commits

e797f83 Upgrade to node 24 (#1164)
3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
5b668cf Bump actions/checkout from 4 to 5 (#1181)
f62a0e2 Change missing cache directory error to warning (#1182)
9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
36da51d Add version parsing from Pipfile (#1067)
3c6f142 update documentation (#1156)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
`@depe...

Description has been truncated

Bumps the actions-dependencies group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6.0.1` | `7.1.2` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `4.3.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `6.0.0` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.8.2` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.10.0` | `3.11.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `3.6.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.7.0` | `5.8.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.16.0` | `6.18.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.0.0` | Updates `actions/checkout` from 4 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4...v5) Updates `astral-sh/setup-uv` from 6.0.1 to 7.1.2 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@6b9c606...8585678) Updates `actions/cache` from 4.2.3 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@5a3ec84...0057852) Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) Updates `actions/download-artifact` from 4.3.0 to 6.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@d3f86a1...018cc2c) Updates `sigstore/cosign-installer` from 3.8.2 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@3454372...faadad0) Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@b5ca514...e468171) Updates `docker/login-action` from 3.4.0 to 3.6.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@74a5d14...5e57cd1) Updates `docker/metadata-action` from 5.7.0 to 5.8.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@902fa8e...c1e5197) Updates `docker/build-push-action` from 6.16.0 to 6.18.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@14487ce...2634353) Updates `actions/setup-python` from 5.6.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...e797f83) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies - dependency-name: astral-sh/setup-uv dependency-version: 7.1.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies - dependency-name: actions/download-artifact dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies - dependency-name: docker/setup-buildx-action dependency-version: 3.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: docker/login-action dependency-version: 3.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: docker/metadata-action dependency-version: 5.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: docker/build-push-action dependency-version: 6.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-dependencies - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the actions-dependencies group across 1 directory with 11 updates#270

Bump the actions-dependencies group across 1 directory with 11 updates#270
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-dependencies-9976c9bc54

dependabot bot commented on behalf of github Oct 27, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Oct 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.0

What's Changed

New Contributors

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v7.1.2 🌈 Speed up extraction on Windows

Changes

🐛 Bug fixes

🧰 Maintenance

⬆️ Dependency updates

v7.1.1 🌈 Fix empty workdir detection and lowest resolution strategy

Changes

🐛 Bug fixes

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v7.1.0 🌈 Support all the use cases

Changes

v4.3.0

What's Changed

New Contributors

v4.2.4

What's Changed

New Contributors

Releases

4.3.0

4.2.4

4.2.3

4.2.2

4.2.1

4.2.0

4.1.2

4.1.1

4.1.0

v5.0.0

What's Changed

New Contributors

v6.0.0

What's Changed

New Contributors

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

What Changed

Migration Guide

✅ No Action Needed If:

⚠️ Action Required If:

v4.0.0

What's Changed?

v3.10.1

What's Changed?

v3.10.0

What's Changed

v3.9.2

What's Changed

v3.9.1

What's Changed

v3.9.0

What's Changed

v3.11.1

v3.11.0

v3.6.0

v3.5.0

v5.8.0

v6.18.0

v6.17.0

v6.0.0

What's Changed

Breaking Changes

Enhancements:

dependabot bot commented on behalf of github Oct 27, 2025 •

edited

Loading