chore(deps): bump the actions group with 13 updates by dependabot[bot] · Pull Request #24 · hyperpolymath/laniakea

dependabot · 2026-05-27T01:51:04Z

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps the actions group with 13 updates:

Package	From	To
actions/checkout	`4.1.1`	`6.0.2`
haskell-actions/setup	`2.7.5`	`2.11.0`
actions/cache	`4.2.3`	`5.0.5`
actions/configure-pages	`5.0.0`	`6.0.0`
actions/upload-pages-artifact	`3.0.1`	`5.0.0`
actions/deploy-pages	`4.0.5`	`5.0.0`
erlef/setup-beam	`1.23.0`	`1.24.0`
denoland/setup-deno	`1.0.0`	`2.0.4`
codecov/codecov-action	`3.1.6`	`6.0.1`
github/codeql-action	`4.34.0`	`4.36.0`
webfactory/ssh-agent	`0.9.1`	`0.10.0`
dtolnay/rust-toolchain	`efa25f7f19611383d5b0ccf2d1c8914531636bf9`	`3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9`
trufflesecurity/trufflehog	`3.93.8`	`3.95.3`

Updates actions/checkout from 4.1.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates haskell-actions/setup from 2.7.5 to 2.11.0

Release notes

Sourced from haskell-actions/setup's releases.

v2.11.0

GHC: try ghcup first, choco only as fallback

What's Changed

Add GHC 9.12.4 and Stack 3.9.3 by @andreasabel in haskell-actions/setup#142

Bump softprops/action-gh-release from 2 to 3 by @dependabot[bot] in haskell-actions/setup#143

GHC: try ghcup first, choco only as fallback by @andreasabel in haskell-actions/setup#144

Full Changelog: haskell-actions/setup@v2.10.3...v2.11.0

v2.10.4

Add GHC 9.12.4 and Stack 3.9.3

What's Changed

Add GHC 9.12.4 and Stack 3.9.3 by @andreasabel in haskell-actions/setup#142

Full Changelog: haskell-actions/setup@v2.10.3...v2.10.4

v2.10.3

Add Stack 3.9.1

What's Changed

Add Stack 3.9.1 by @andreasabel in haskell-actions/setup#138

Full Changelog: haskell-actions/setup@v2.10.2...v2.10.3

v2.10.2

Remove GHCup vanilla channel from defaults

What's Changed

Remove GHCup vanilla channel from defaults by @andreasabel in haskell-actions/setup#137

Full Changelog: haskell-actions/setup@v2.10.1...v2.10.2

... (truncated)

Commits

cd0d9bd GHC: try ghcup first, choco only as fallback
4568e64 Bump softprops/action-gh-release from 2 to 3
de26526 Add GHC 9.12.4 and Stack 3.9.3
f9150cb Add Stack 3.9.1
dc63c94 Remove GHCup vanilla channel from defaults
7786314 await addGhcupReleaseChannel
5757174 Move all ghcup-add-channel commands into same group
ca45ec3 Remove broken GHC 9.12.3
eb29c23 Use GHCup vanilla and prereleases channels by default
243ff44 Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0
Additional commits viewable in compare view

Updates actions/cache from 4.2.3 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Update ts-http-runtime dependency by @yacaovsnc in actions/cache#1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

Add release instructions and update maintainer docs by @Link- in actions/cache#1696

Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @Link- in actions/cache#1697

Fix workflow permissions and cleanup workflow names / formatting by @Link- in actions/cache#1699

docs: Update examples to use the latest version by @XZTDean in actions/cache#1690

Fix proxy integration tests by @Link- in actions/cache#1701

Fix cache key in examples.md for bun.lock by @RyPeck in actions/cache#1722

Update dependencies & patch security vulnerabilities by @Link- in actions/cache#1738

New Contributors

@XZTDean made their first contribution in actions/cache#1690

@RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)

Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

When creating cache entries, 429s returned from the cache service will not be retried.

v5.0.1

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

If you are using self-hosted runners, ensure they are updated before upgrading.

v5.0.1

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

Switch to a new branch from main.

Run npm test to ensure all tests are passing.

Update the version in https://github.com/actions/cache/blob/main/package.json.

Run npm run build to update the compiled files.

Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.

Run licensed cache to update the license report.

Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.

Commit your changes and push your branch upstream.

Open a pull request against main and get it reviewed and merged.

Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json

Create a new tag with the version number.

Auto generate release notes and update them to match the changes you made in RELEASES.md.

Toggle the set as the latest release option.

Publish the release.

Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml

There should be a workflow run queued with the same version number.

Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)

Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)

Bump fast-xml-parser to v5.5.6

5.0.3

Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)

Bump @actions/core to v2.0.3

5.0.2

Bump @actions/cache to v5.0.3 #1692

5.0.1

Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

27d5ce7 Merge pull request #1747 from actions/yacaovsnc/update-dependency
f280785 licensed changes
619aeb1 npm run build generated dist files
bcf16c2 Update ts-http-runtime to 0.3.5
6682284 Merge pull request #1738 from actions/prepare-v5.0.4
e340396 Update RELEASES
8a67110 Add licenses
1865903 Update dependencies & patch security vulnerabilities
5656298 Merge pull request #1722 from RyPeck/patch-1
4e380d1 Fix cache key in examples.md for bun.lock
Additional commits viewable in compare view

Updates actions/configure-pages from 5.0.0 to 6.0.0

Release notes

Sourced from actions/configure-pages's releases.

v6.0.0

Changelog

upgrade to node 24 @salmanmkc (#186)

Upgrade IA Publish @Jcambass (#165)

Add workflow file for publishing releases to immutable action package @Jcambass (#163)

pin draft release version @YiMysty (#162)

Bump espree from 9.6.1 to 10.1.0 @dependabot (#160)

Bump eslint-config-prettier from 8.8.0 to 9.1.0 @dependabot (#143)

Be more friendly to Dependabot @yoannchaudet (#158)

Bump eslint-plugin-github from 4.10.2 to 5.0.1 @dependabot (#154)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group @dependabot (#156)

Bump undici from 5.28.3 to 5.28.4 @dependabot (#145)

See details of all code changes since previous release.

Commits

45bfe01 Merge pull request #186 from salmanmkc/node24
d8770c2 Update Node version from 20 to 24 in action.yml
cb8a1a3 upgrade to node 24
d560657 Merge pull request #165 from actions/Jcambass-patch-1
35e0ac4 Upgrade IA Publish
1dfbcbf Merge pull request #163 from actions/Jcambass-patch-1
2f4f988 Add workflow file for publishing releases to immutable action package
0d7570c Merge pull request #162 from actions/pin-draft-release-verssion
3ea1966 pin draft release version
aabcbc4 Merge pull request #160 from actions/dependabot/npm_and_yarn/espree-10.1.0
Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 3.0.1 to 5.0.0

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

Update upload-artifact action to version 7 @Tom-van-Woudenberg (#139)

feat: add include-hidden-files input @jonchurch (#137)

See details of all code changes since previous release.

v4.0.0

What's Changed

Potentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by @tsusdere in actions/upload-pages-artifact#102 If you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation

Pin actions/upload-artifact to SHA by @heavymachinery in actions/upload-pages-artifact#127

Full Changelog: actions/upload-pages-artifact@v3.0.1...v4.0.0

Commits

fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
fe9d4b7 Merge branch 'main' into patch-1
0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
57f0e84 Update action.yml
4a90348 v7 --> hash
56f665a Update upload-artifact action to version 7
f7615f5 Add include-hidden-files input
7b1f4a7 Merge pull request #127 from heavymachinery/pin-sha
4cc19c7 Pin actions/upload-artifact to SHA
2d163be Merge pull request #107 from KittyChiu/main
Additional commits viewable in compare view

Updates actions/deploy-pages from 4.0.5 to 5.0.0

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

Update Node.js version to 24.x @salmanmkc (#404)

Add workflow file for publishing releases to immutable action package @Jcambass (#374)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @dependabot (#360)

Make the rebuild dist workflow work nicer with Dependabot @yoannchaudet (#361)

Bump the non-breaking-changes group across 1 directory with 3 updates @dependabot (#358)

Delete repeated sentence @garethsb (#359)

Update README.md @tsusdere (#348)

Bump the non-breaking-changes group with 4 updates @dependabot (#341)

Remove error message for file permissions @TooManyBees (#340)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

cd2ce8f Merge pull request #404 from salmanmkc/node24
bbe2a95 Update Node.js version to 24.x
854d7aa Merge pull request #374 from actions/Jcambass-patch-1
306bb81 Add workflow file for publishing releases to immutable action package
b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
7273294 Bump braces in the npm_and_yarn group across 1 directory
963791f Merge pull request #361 from actions/dependabot-friendly
51bb29d Make the rebuild dist workflow safer for Dependabot
89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
Additional commits viewable in compare view

Updates erlef/setup-beam from 1.23.0 to 1.24.0

Release notes

Sourced from erlef/setup-beam's releases.

v1.24.0

⚠️ Potentially breaking changes

Since GitHub is phasing out Node 20 runners, the erlef/setup-beam action has updated its requirements ([see PR #426](erlef/setup-beam#426)). Please ensure your workflow files are updated to align with the latest GitHub Actions standards to avoid execution failures.

What's Changed

Support Node 24 runtime by @levibuzolic in erlef/setup-beam#426

Fix error that occurs when parsing TOML files that use dotted keys by @mitchellhenke in erlef/setup-beam#444

Automation

Update 3rd party licenses (automation) by @github-actions[bot] in erlef/setup-beam#435, erlef/setup-beam#436, and erlef/setup-beam#442

Security

Bump eslint from 10.0.3 to 10.1.0 by @dependabot[bot] in erlef/setup-beam#439

Bump yauzl from 3.2.0 to 3.2.1 in the npm_and_yarn group across 1 directory by @dependabot[bot] in erlef/setup-beam#437

Bump csv-parse from 6.1.0 to 6.2.1 by @dependabot[bot] in erlef/setup-beam#440

Bump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directory by @dependabot[bot] in erlef/setup-beam#443

fix: address Prototype Pollution via parse() in NodeJS flatted by @paulo-ferraz-oliveira in erlef/setup-beam#445

New Contributors

@levibuzolic made their first contribution in erlef/setup-beam#426

@mitchellhenke made their first contribution in erlef/setup-beam#444

Full Changelog: erlef/setup-beam@v1...v1.24.0

Commits

fc68ffb Automation: update setup-beam version output to 190c3a5
190c3a5 Fix error that occurs when parsing TOML files that use dotted keys (#444)
92dab89 Automation: update setup-beam version output to 5dfda65
5dfda65 fix: address Prototype Pollution via parse() in NodeJS flatted (#445)
ef385d6 Automation: update setup-beam version output to bf3c3af
bf3c3af Bump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directo...
e7645e4 Automation: update setup-beam version output to a36098e
a36098e Bump csv-parse from 6.1.0 to 6.2.1 (#440)
87781dc Automation: update setup-beam version output to d5f3979
d5f3979 Support Node 24 runtime (#426)
Additional commits viewable in compare view

Updates denoland/setup-deno from 1.0.0 to 2.0.4

Release notes

Sourced from denoland/setup-deno's releases.

v2.0.4

Full Changelog: denoland/setup-deno@v2.0.3...v2.0.4

v2.0.3

Full Changelog: denoland/setup-deno@v2.0.2...v2.0.3

v2.0.2

What's Changed

feat: add problem matchers for deno lint by @r7kamura in denoland/setup-deno#62

refactor: use GitHub downloads for stable version download by @crowlKats in denoland/setup-deno#91

Full Changelog: denoland/setup-deno@v2.0.1...v2.0.2

v2.0.1

What's Changed

fix: update README and tests by @crowlKats in denoland/setup-deno#85

Full Changelog: denoland/setup-deno@v2.0.0...v2.0.1

v2.0.0

What's Changed

feat: v2 by @lucacasonato in denoland/setup-deno#82

Full Changelog: denoland/setup-deno@v1.5.1...v2.0.0

v1.5.2

What's Changed

refactor: use GitHub downloads for stable version download by @crowlKats in denoland/setup-deno#91

Full Changelog: denoland/setup-deno@v1.5.1...v1.5.2

v1.5.1

What's Changed

fix: use npm install by @lucacasonato in denoland/setup-deno#77

Full Changelog: denoland/setup-deno@v1.5.0...v1.5.1

v1.5.0

What's Changed

feat: allow specifying binary name by @crowlKats in denoland/setup-deno#71

feat: support installing rc versions by @crowlKats in denoland/setup-deno#72

chore: migrate code to ESM by @lucacasonato in denoland/setup-deno#73

Full Changelog: denoland/setup-deno@v1.4.1...v1.5.0

1.4.1

... (truncated)

Commits

667a34c 2.0.3
3f17b4e feat: upgrade Node.js runtime from node20 to node24 (#123)
06fd750 docs: fix identifier for latest stable release (#115)
587bed9 docs: condense Deno version information in one section (#100)
2af9d57 docs: add lts as possible release-channel output (#99)
0c3e771 Update actions/checkout (#106)
e95548e 2.0.3 (#102)
8273ddd fix: switch back to package.json as it's necessary for GH actions (#101)
609c005 feat: include a hash of deno.lock files in the cache key automatically (#98)
aa0fea1 feat: add built-in caching via inputs (#89)
Additional commits viewable in compare view

Updates codecov/codecov-action from 3.1.6 to 6.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.1

What's Changed

fix: prevent template injection in run: steps (VULN-1652) by @thomasrockhu-codecov in codecov/codecov-action#1947

chore(release): 6.0.1 by @thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @thomasrockhu-codecov in codecov/codecov-action#1929

Th/6.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @thomasrockhu-codecov in codecov/codecov-action#1926

chore(release): 5.5.4 by @thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in codecov/codecov-action#1874

chore(release): bump to 5.5.3 by @thomasrockhu-codecov in codecov/codecov-action#1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

What's Changed

check gpg only when skip-validation = false by @maxweng-sentry in codecov/codecov-action#1894

chore: disable_search alignment by @freemanzMrojo in codecov/codecov-action#1881

chore(release): 5.5.2 by @thomasrockhu-codecov in codecov/codecov-action#1902

New Contributors

@maxweng-sentry made their first contribution in codecov/codecov-action#1894

@freemanzMrojo made their first contribution in codecov/codecov-action#1881

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

v5.5.1

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Bumps the actions group with 13 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` | | [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `5.0.5` | | [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [erlef/setup-beam](https://github.com/erlef/setup-beam) | `1.23.0` | `1.24.0` | | [denoland/setup-deno](https://github.com/denoland/setup-deno) | `1.0.0` | `2.0.4` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3.1.6` | `6.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.34.0` | `4.36.0` | | [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` | | [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `efa25f7f19611383d5b0ccf2d1c8914531636bf9` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` | | [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` | Updates `actions/checkout` from 4.1.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.1...de0fac2) Updates `haskell-actions/setup` from 2.7.5 to 2.11.0 - [Release notes](https://github.com/haskell-actions/setup/releases) - [Commits](haskell-actions/setup@ec49483...cd0d9bd) Updates `actions/cache` from 4.2.3 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v4.2.3...27d5ce7) Updates `actions/configure-pages` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](actions/configure-pages@983d773...45bfe01) Updates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@56afc60...fc324d3) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@d6db901...cd2ce8f) Updates `erlef/setup-beam` from 1.23.0 to 1.24.0 - [Release notes](https://github.com/erlef/setup-beam/releases) - [Commits](erlef/setup-beam@ee09b1e...fc68ffb) Updates `denoland/setup-deno` from 1.0.0 to 2.0.4 - [Release notes](https://github.com/denoland/setup-deno/releases) - [Commits](denoland/setup-deno@4a4e596...667a34c) Updates `codecov/codecov-action` from 3.1.6 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@ab904c4...e79a696) Updates `github/codeql-action` from 4.34.0 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c6f9311...7211b7c) Updates `webfactory/ssh-agent` from 0.9.1 to 0.10.0 - [Release notes](https://github.com/webfactory/ssh-agent/releases) - [Changelog](https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md) - [Commits](webfactory/ssh-agent@a6f90b1...e838748) Updates `dtolnay/rust-toolchain` from efa25f7f19611383d5b0ccf2d1c8914531636bf9 to 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 - [Release notes](https://github.com/dtolnay/rust-toolchain/releases) - [Commits](dtolnay/rust-toolchain@efa25f7...3c5f7ea) Updates `trufflesecurity/trufflehog` from 3.93.8 to 3.95.3 - [Release notes](https://github.com/trufflesecurity/trufflehog/releases) - [Commits](trufflesecurity/trufflehog@6c05c4a...37b7700) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: haskell-actions/setup dependency-version: 2.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/configure-pages dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: erlef/setup-beam dependency-version: 1.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: denoland/setup-deno dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: webfactory/ssh-agent dependency-version: 0.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: dtolnay/rust-toolchain dependency-version: 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 dependency-type: direct:production dependency-group: actions - dependency-name: trufflesecurity/trufflehog dependency-version: 3.95.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>

hyperpolymath · 2026-05-27T13:16:53Z

@dependabot rebase

hyperpolymath · 2026-05-27T13:46:15Z

Closed as superseded (ERR-PR-001): main already carries a newer SHA than this PR proposes. Detected by fix-close-obsolete-pr.sh: actions/checkout SHA stale. Rebasing would regress main. Dependabot will re-file a fresh PR against current main when budget returns.

dependabot · 2026-05-27T13:46:20Z

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

hyperpolymath · 2026-05-27T13:48:07Z

Reopening — closed incorrectly by ERR-PR-001 fix-close-obsolete-pr.sh which used naive main_sha != pr_sha logic. For dependabot version bumps, different SHAs mean the PR is AHEAD of main (newer version), not behind. The rule's direction-check needs proper version-comparison (semver) or git-history-traversal to determine which SHA is older.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 27, 2026

hyperpolymath closed this May 27, 2026

dependabot Bot deleted the dependabot/github_actions/actions-fa4c9fb140 branch May 27, 2026 13:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): bump the actions group with 13 updates#24

chore(deps): bump the actions group with 13 updates#24
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-fa4c9fb140

dependabot Bot commented on behalf of github May 27, 2026 •

edited

Loading

Uh oh!

hyperpolymath commented May 27, 2026

Uh oh!

hyperpolymath commented May 27, 2026

Uh oh!

dependabot Bot commented on behalf of github May 27, 2026

Uh oh!

hyperpolymath commented May 27, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v2.11.0

What's Changed

v2.10.4

What's Changed

v2.10.3

What's Changed

v2.10.2

What's Changed

v5.0.5

What's Changed

v5.0.4

What's Changed

New Contributors

v5.0.3

What's Changed

v.5.0.2

v5.0.2

What's Changed

v5.0.1

v5.0.1

Releases

How to prepare a release

Changelog

5.0.4

5.0.3

5.0.2

5.0.1

5.0.0

v6.0.0

Changelog

v5.0.0

Changelog

v4.0.0

What's Changed

v5.0.0

Changelog

v1.24.0

⚠️ Potentially breaking changes

What's Changed

New Contributors

v2.0.4

v2.0.3

v2.0.2

What's Changed

v2.0.1

What's Changed

v2.0.0

What's Changed

v1.5.2

What's Changed

dependabot Bot commented on behalf of github May 27, 2026 •

edited

Loading