chore: bump the github-actions group across 1 directory with 11 updates by dependabot[bot] · Pull Request #924 · SableClient/Sable

dependabot · 2026-06-09T01:26:23Z

Bumps the github-actions group with 11 updates in the / directory:

Package	From	To
actions/checkout	`6.0.2`	`6.0.3`
cloudflare/wrangler-action	`3.14.1`	`4.0.0`
actions/github-script	`8.0.0`	`9.0.0`
github/codeql-action	`4.35.1`	`4.36.1`
docker/login-action	`3.7.0`	`4.2.0`
docker/metadata-action	`5.10.0`	`6.1.0`
docker/setup-qemu-action	`3.7.0`	`4.1.0`
docker/setup-buildx-action	`3.12.0`	`4.1.0`
docker/build-push-action	`6.19.2`	`7.2.0`
actions/create-github-app-token	`3.0.0`	`3.2.0`
DeterminateSystems/determinate-nix-action	`3.20.0`	`3.21.0`

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

Update changelog by @ericsciple in actions/checkout#2357

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

Update changelog for v6.0.3 by @yaananth in actions/checkout#2446

New Contributors

@yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

... (truncated)

Commits

df4cb1c Update changelog for v6.0.3 (#2446)
1cce339 Fix checkout init for SHA-256 repositories (#2439)
900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
0c366fd Update changelog (#2357)
See full diff in compare view

Updates cloudflare/wrangler-action from 3.14.1 to 4.0.0

Release notes

Sourced from cloudflare/wrangler-action's releases.

v4.0.0

Major Changes

#412 1029e90 Thanks @ericclemmons! - Update default Wrangler version to v4 (latest). The action now installs Wrangler v4 by default when no wranglerVersion input is specified. Users can still pin to v3 by setting wranglerVersion: "3.90.0" explicitly.

v3.15.0

Minor Changes

#426 febbda6 Thanks @WillTaylorDev! - Support version ranges and tags in wranglerVersion input. You can now set wranglerVersion to values like 4, ^4.0.0, 4.x, or latest instead of only exact versions like 4.81.0.

Changelog

Sourced from cloudflare/wrangler-action's changelog.

Changelog

4.0.0

Major Changes

#412 1029e90 Thanks @ericclemmons! - Update default Wrangler version to v4 (latest). The action now installs Wrangler v4 by default when no wranglerVersion input is specified. Users can still pin to v3 by setting wranglerVersion: "3.90.0" explicitly.

3.15.0

Minor Changes

#426 febbda6 Thanks @WillTaylorDev! - Support version ranges and tags in wranglerVersion input. You can now set wranglerVersion to values like 4, ^4.0.0, 4.x, or latest instead of only exact versions like 4.81.0.

3.14.1

Patch Changes

#358 cd6314a Thanks @penalosa! - Use secret bulk instead of deprecated secret:bulk command

3.14.0

Minor Changes

#351 4ff07f4 Thanks @Maximo-Guk! - Use wrangler outputs for version upload and wrangler deploy

Patch Changes

#350 e209094 Thanks @Maximo-Guk! - Handle failures in createGitHubDeployment and createGitHubJobSummary

3.13.1

Patch Changes

#345 e819570 Thanks @Maximo-Guk! - fix: Pages GitHub Deployment not triggering

3.13.0

Minor Changes

#325 cada7a6 Thanks @Maximo-Guk! - Add GitHub deployments and job summaries for parity with pages-action

#334 9fed19a Thanks @Maximo-Guk! - Bump default wrangler version to 3.90.0

3.12.1

Patch Changes

#319 59c04629408d58978884fadd18755f1a15f96157 Thanks @Maximo-Guk! - Fixes #317: Generate a new output directory with a randomUUID in the tmpDir, so that when the action is executed multiple times, we use the artifacts from that run, opposed to the artifacts from a previous run.

... (truncated)

Commits

ebbaa15 Automatic compilation
a61fbea Merge pull request #429 from cloudflare/changeset-release/main
e804ea3 Version Packages
8d0324a fix: update release workflow to v5 actions and regenerate lockfile
2f18b18 Merge pull request #431 from cloudflare/fix/semgrep-blocking-findings
622ff0d fix: upgrade checkout and setup-node to v5 for Node 24 runtime
f501f05 fix: force GitHub actions to run on Node 24 via env var
f990691 fix: resolve npm audit vulnerabilities via undici override and vitest v3
652762d fix: migrate action runtime from node20 to node24
bd3f4f0 fix: add retry support to worker health check using better-result
Additional commits viewable in compare view

Updates actions/github-script from 8.0.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.

Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.

getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.

If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

Add ACTIONS_ORCHESTRATION_ID to user-agent string by @Copilot in actions/github-script#695

ci: use deployment: false for integration test environments by @salmanmkc in actions/github-script#712

feat!: add getOctokit to script context, upgrade @actions/github v9, @octokit/core v7, and related packages by @salmanmkc in actions/github-script#700

New Contributors

@Copilot made their first contribution in actions/github-script#695

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits

3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
ca10bbd fix: use @octokit/core/types import for v7 compatibility
86e48e2 merge: incorporate main branch changes
c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
ff8117e ci: fix user-agent test to handle orchestration ID
81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
3953caf docs: update README examples from @v8 to @v9, add getOctokit docs and v9 brea...
c17d55b ci: add getOctokit integration test job
a047196 test: add getOctokit integration tests via callAsyncFunction
Additional commits viewable in compare view

Updates github/codeql-action from 4.35.1 to 4.36.1

Release notes

Sourced from github/codeql-action's releases.

v4.36.1

No user facing changes.

v4.36.0

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894

Add support for SHA-256 Git object IDs. #3893

Update default CodeQL bundle version to 2.25.5. #3926

v4.35.5

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899

For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791

If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892

Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

v4.35.4

Update default CodeQL bundle version to 2.25.4. #3881

v4.35.3

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

v4.35.2

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.36.2 - 04 Jun 2026

Cache CodeQL CLI version information across Actions steps. #3943

Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937

Update default CodeQL bundle version to 2.25.6. #3948

4.36.1 - 02 Jun 2026

No user facing changes.

4.36.0 - 22 May 2026

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894

Add support for SHA-256 Git object IDs. #3893

Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899

For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791

If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892

Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

... (truncated)

Commits

87557b9 Merge pull request #3940 from github/update-v4.36.1-2a1689ed4
9431011 Update changelog for v4.36.1
2a1689e Merge pull request #3939 from github/henrymercer/skip-overlay-revert-when-exp...
5245323 Disable missing diff-ranges fallback when overlay enabled manually
d1eb120 Merge pull request #3933 from github/update-supported-enterprise-server-versions
115001b Merge pull request #3934 from github/dependabot/npm_and_yarn/npm-minor-86fb5c...
cef2e7a Merge pull request #3925 from github/dependabot/github_actions/dot-github/wor...
5e6adf7 Merge pull request #3936 from github/dependabot/npm_and_yarn/tmp-0.2.7
ad170e6 Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...
6a37b3a Rebuild
Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Bump @actions/core from 3.0.0 to 3.0.1 in docker/login-action#976

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960

Bump @docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970

Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993

Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985

Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963

Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961

Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979

Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991

Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits

650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
99df1a3 chore: update generated content
3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
4eefcd3 chore: update generated content
56d092c build(deps): bump @docker/actions-toolkit from 0.86.0 to 0.90.0
e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
0bced94 chore: update generated content
3e75a0f build(deps): bump @actions/core from 3.0.0 to 3.0.1
365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
Additional commits viewable in compare view

Updates docker/metadata-action from 5.10.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/metadata-action#613

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/metadata-action#658 docker/metadata-action#630

Bump csv-parse from 6.1.0 to 6.2.1 in docker/metadata-action#617

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/metadata-action#620

Bump flatted from 3.3.3 to 3.4.2 in docker/metadata-action#623

Bump glob from 10.3.15 to 10.5.0 in docker/metadata-action#621

Bump handlebars from 4.7.8 to 4.7.9 in docker/metadata-action#629

Bump lodash from 4.17.23 to 4.18.1 in docker/metadata-action#639

Bump moment-timezone from 0.6.0 to 0.6.1 in docker/metadata-action#619

Bump picomatch from 4.0.3 to 4.0.4 in docker/metadata-action#626

Bump postcss from 8.5.6 to 8.5.10 in docker/metadata-action#649

Bump tar from 6.2.1 to 7.5.15 in docker/metadata-action#657

Bump undici from 6.23.0 to 6.25.0 in docker/metadata-action#614

Bump vite from 7.3.1 to 7.3.2 in docker/metadata-action#637

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

v6.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/metadata-action#605

List inputs now preserve # inside values while still supporting full-line # comments by @crazy-max in docker/metadata-action#607

Switch to ESM and update config/test wiring by @crazy-max in docker/metadata-action#602

Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588

Bump @actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599

Bump @actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597

Bump @docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600

Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

Commits

80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
8e0ddab chore: update generated content
a8db14b chore(deps): Bump @docker/actions-toolkit from 0.79.0 to 0.90.0
63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
c6916a6 chore: update generated content
aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
43dea76 chore: update generated content
7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.1.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.1.0

Add reset input to uninstall current emulators by @crazy-max in docker/setup-qemu-action#21

Bump @docker/actions-toolkit from 0.77.0 to 0.91.0 in docker/setup-qemu-action#250 docker/setup-qemu-action#247

Bump brace-expansion from 1.1.12 to 1.1.15 in docker/setup-qemu-action#265

Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-qemu-action#286

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-qemu-action#255

Bump flatted from 3.3.3 to 3.4.2 in docker/setup-qemu-action#257

Bump glob from 10.3.15 to 10.5.0 in docker/setup-qemu-action#254

Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-qemu-action#262

Bump lodash from 4.17.23 to 4.18.1 in docker/setup-qemu-action#273

Bump postcss from 8.5.6 to 8.5.10 in docker/setup-qemu-action#285

Bump tar from 6.2.1 to 7.5.15 in docker/setup-qemu-action#287

Bump tmp from 0.2.5 to 0.2.6 in docker/setup-qemu-action#291

Bump undici from 6.23.0 to 6.26.0 in docker/setup-qemu-action#251

Bump vite from 7.3.1 to 7.3.2 in docker/setup-qemu-action#271

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits

0611638 Merge pull request #21 from crazy-max/uninst
ce59c81 chore: update generated content
2ddad44 uninstall current emulators
8c37cd6 Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-to...
d1a0ff3 chore: update generated content
0a8f3dc build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0
9430f61 Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6
978bd77 chore: update generated content
3479feb build(deps): bump tmp from 0.2.5 to 0.2.6
b113c26 Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/setup-buildx-action#489

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/setup-buildx-action#547 docker/setup-buildx-action#508

Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-buildx-action#540

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-buildx-action#496

Bump flatted from 3.3.3 to 3.4.2 in docker/setup-buildx-action#499

Bump glob from 10.3.12 to 13.0.6 in docker/setup-buildx-action#495

Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-buildx-action#504

Bump lodash from 4.17.23 to 4.18.1 in docker/setup-buildx-action#523

Bump picomatch from 4.0.3 to 4.0.4 in docker/setup-buildx-action#503

Bump postcss from 8.5.6 to 8.5.10 in docker/setup-buildx-action#537

Bump tar from 6.2.1 to 7.5.15 in docker/setup-buildx-action#545

Bump undici from 6.23.0 to 6.25.0 in docker/setup-buildx-action#492

Bump vite from 7.3.1 to 7.3.2 in docker/setup-buildx-action#520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464Description has been truncated

Bumps the github-actions group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` | | [cloudflare/wrangler-action](https://github.com/cloudflare/wrangler-action) | `3.14.1` | `4.0.0` | | [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.36.1` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.2.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.1.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.1.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.2.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.0.0` | `3.2.0` | | [DeterminateSystems/determinate-nix-action](https://github.com/determinatesystems/determinate-nix-action) | `3.20.0` | `3.21.0` | Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) Updates `cloudflare/wrangler-action` from 3.14.1 to 4.0.0 - [Release notes](https://github.com/cloudflare/wrangler-action/releases) - [Changelog](https://github.com/cloudflare/wrangler-action/blob/main/CHANGELOG.md) - [Commits](cloudflare/wrangler-action@da0e0df...ebbaa15) Updates `actions/github-script` from 8.0.0 to 9.0.0 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](actions/github-script@ed59741...3a2844b) Updates `github/codeql-action` from 4.35.1 to 4.36.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c10b806...87557b9) Updates `docker/login-action` from 3.7.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...650006c) Updates `docker/metadata-action` from 5.10.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@c299e40...80c7e94) Updates `docker/setup-qemu-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...0611638) Updates `docker/setup-buildx-action` from 3.12.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...d7f5e7f) Updates `docker/build-push-action` from 6.19.2 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@10e90e3...f9f3042) Updates `actions/create-github-app-token` from 3.0.0 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](actions/create-github-app-token@f8d387b...bcd2ba4) Updates `DeterminateSystems/determinate-nix-action` from 3.20.0 to 3.21.0 - [Release notes](https://github.com/determinatesystems/determinate-nix-action/releases) - [Commits](DeterminateSystems/determinate-nix-action@bafaa63...4eea0b3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/github-script dependency-version: 9.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: cloudflare/wrangler-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: DeterminateSystems/determinate-nix-action dependency-version: 3.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the internal label Jun 9, 2026

dependabot Bot requested review from 7w1 and hazre as code owners June 9, 2026 01:26

dependabot Bot force-pushed the dependabot/github_actions/github-actions-212948ff35 branch from 66bfc2d to d1104c2 Compare June 10, 2026 01:26

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore: bump the github-actions group across 1 directory with 11 updates#924

chore: bump the github-actions group across 1 directory with 11 updates#924
dependabot[bot] wants to merge 1 commit into
devfrom
dependabot/github_actions/github-actions-212948ff35

dependabot Bot commented on behalf of github Jun 9, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 9, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.3

What's Changed

New Contributors

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.0.0

Major Changes

v3.15.0

Minor Changes

Changelog

4.0.0

Major Changes

3.15.0

Minor Changes

3.14.1

Patch Changes

3.14.0

Minor Changes

Patch Changes

3.13.1

Patch Changes

3.13.0

Minor Changes

3.12.1

Patch Changes

v9.0.0

What's Changed

New Contributors

v4.36.1

v4.36.0

v4.35.5

v4.35.4

v4.35.3

v4.35.2

CodeQL Action Changelog

[UNRELEASED]

4.36.2 - 04 Jun 2026

4.36.1 - 02 Jun 2026

4.36.0 - 22 May 2026

4.35.5 - 15 May 2026

4.35.4 - 07 May 2026

4.35.3 - 01 May 2026

4.35.2 - 15 Apr 2026

v4.2.0

v4.1.0

v4.0.0

v6.1.0

v6.0.0

v4.1.0

v4.0.0

v4.1.0

v4.0.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Jun 9, 2026 •

edited

Loading