Skip to content

Bump the actions group across 1 directory with 7 updates#1270

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-ff5ec6ee0d
Open

Bump the actions group across 1 directory with 7 updates#1270
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-ff5ec6ee0d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the actions group with 7 updates in the / directory:

Package From To
actions/checkout 5 6
tj-actions/changed-files 46.0.5 47.0.5
github/codeql-action 3 4
actions/setup-node 4 6
release-drafter/release-drafter 6 7
peter-evans/slash-command-dispatch 4 5
actions/github-script 7.0.1 8.0.0

Updates actions/checkout from 5 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates tj-actions/changed-files from 46.0.5 to 47.0.5

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.5

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.4...v47.0.5

v47.0.4

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

v47.0.3

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.2...v47.0.3

v47.0.2

What's Changed

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.5 - (2026-03-03)

🔄 Update

  • Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (35dace0) - (github-actions[bot])

  • Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

  • deps-dev: Bump @​types/node from 25.3.2 to 25.3.3 (#2814) (22103cc) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.32.4 to 4.32.5 (#2815) (6c02e90) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764) (05f9457) - (dependabot[bot])
  • deps: Bump lodash and @​types/lodash (#2807) (52ed872) - (dependabot[bot])
  • deps: Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774) (1cc5746) - (dependabot[bot])
  • deps-dev: Bump prettier from 3.7.4 to 3.8.1 (#2775) (de2962f) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.32.2 to 4.32.4 (#2806) (37e96cc) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799) (2180b0f) - (dependabot[bot])
  • deps: Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809) (cf021c1) - (dependabot[bot])
  • deps: Bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810) (b54ac6f) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.2.2 to 25.3.2 (#2811) (0f2a510) - (dependabot[bot])

⬆️ Upgrades

  • Upgraded to v47.0.4 (#2802)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (b7ac303) - (github-actions[bot])

47.0.4 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.6 (#2801) (7dee1b0) - (Tonye Jack)

47.0.3 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.0 (#2800) (28b28f6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump github/codeql-action from 4.31.10 to 4.32.2 (#2790) (875e6e5) - (dependabot[bot])

... (truncated)

Commits
  • 22103cc chore(deps-dev): bump @​types/node from 25.3.2 to 25.3.3 (#2814)
  • 6c02e90 chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#2815)
  • 05f9457 chore(deps-dev): bump eslint-plugin-prettier from 5.5.4 to 5.5.5 (#2764)
  • 52ed872 chore(deps): bump lodash and @​types/lodash (#2807)
  • 1cc5746 chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#2774)
  • de2962f chore(deps-dev): bump prettier from 3.7.4 to 3.8.1 (#2775)
  • 37e96cc chore(deps): bump github/codeql-action from 4.32.2 to 4.32.4 (#2806)
  • 2180b0f chore(deps-dev): bump eslint-plugin-jest from 29.12.1 to 29.15.0 (#2799)
  • cf021c1 chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#2809)
  • b54ac6f chore(deps): bump actions/download-artifact from 7.0.0 to 8.0.0 (#2810)
  • Additional commits viewable in compare view

Updates github/codeql-action from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

v3.35.1

v3.35.0

v3.34.1

  • Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

v3.34.0

  • Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
  • We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
  • Update default CodeQL bundle version to 2.25.0. #3585

v3.33.0

  • Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562 To opt out of this change:
    • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557
  • The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559
  • Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563
  • Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564
  • A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

v3.32.6

  • Update default CodeQL bundle version to 2.24.3. #3548

v3.32.5

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

v3.32.4

  • Update default CodeQL bundle version to 2.24.2. #3493
  • Added an experimental change which improves how certificates are generated for the authentication proxy that is used by the CodeQL Action in Default Setup when private package registries are configured. This is expected to generate more widely compatible certificates and should have no impact on analyses which are working correctly already. We expect to roll this change out to everyone in February. #3473
  • When the CodeQL Action is run with debugging enabled in Default Setup and private package registries are configured, the "Setup proxy for registries" step will output additional diagnostic information that can be used for troubleshooting. #3486
  • Added a setting which allows the CodeQL Action to enable network debugging for Java programs. This will help GitHub staff support customers with troubleshooting issues in GitHub-managed CodeQL workflows, such as Default Setup. This setting can only be enabled by GitHub staff. #3485
  • Added a setting which enables GitHub-managed workflows, such as Default Setup, to use a nightly CodeQL CLI release instead of the latest, stable release that is used by default. This will help GitHub staff support customers whose analyses for a given repository or organization require early access to a change in an upcoming CodeQL CLI release. This setting can only be enabled by GitHub staff. #3484

v3.32.3

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

v3.32.2

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

4.32.3 - 13 Feb 2026

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

  • Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

  • Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

  • Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

... (truncated)

Commits
  • 5cc552f Merge pull request #3768 from github/dependabot/npm_and_yarn/npm-minor-3536e7...
  • 6b1a9f2 Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-3536e7c6f0
  • 9d3ec57 Merge pull request #3770 from github/dependabot/github_actions/dot-github/wor...
  • 3ff82aa Merge pull request #3575 from github/mbg/ts/sync-checks
  • 4bdd4e7 Merge pull request #3554 from github/sam-robson/overlay-include-diff
  • 23a0098 fix: improve error handling and logging for diff range path resolution
  • ea7b090 Rebuild
  • a663d01 Bump ruby/setup-ruby
  • b659882 Bump the npm-minor group with 5 updates
  • d5bb39f refactor: single source of truth for getDiffRangesJsonFilePath and simplified...
  • Additional commits viewable in compare view

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Updates release-drafter/release-drafter from 6 to 7

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.0.0

What's Changed

Breaking

Bug Fixes

Maintenance

Documentation

Other changes

Dependency Updates

Full Changelog: release-drafter/release-drafter@v6.4.0...v7.0.0

v6.4.0

What's Changed

New

Maintenance

... (truncated)

Commits
  • 139054a chore: release v7.1.1
  • 114efa7 fix: remove disable-releaser and disable-autolabeler from action.yaml (#1564)
  • b23b6d2 test: add semantic prefix replacer example
  • 44a942e chore: release v7.1.0
  • f1f40a0 docs: update README with pull_request_target example (#1561)
  • ebb69bb fix: support pull_request_target event in autolabeler (#1560)
  • bddbd54 ci: make sure PRs have a type label (#1557)
  • 4a66170 fix: empty template when prs all are excluded by labels (#1429)
  • 7431882 feat: filter releases by semver range (#1445)
  • 5a8b0d3 ci: restore CodeQL category lost when matrix was removed
  • Additional commits viewable in compare view

Updates peter-evans/slash-command-dispatch from 4 to 5

Release notes

Sourced from peter-evans/slash-command-dispatch's releases.

Slash Command Dispatch v5.0.0

What's new in v5

What's Changed

New Contributors

Full Changelog: peter-evans/slash-command-dispatch@v4.0.0...v5.0.0

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code major An incompatible API change labels Mar 16, 2026
@netlify
Copy link
Copy Markdown

netlify bot commented Mar 16, 2026
edited
Loading

Deploy Preview for testcontainers-node ready!

Name Link
🔨 Latest commit f1e6e0b
🔍 Latest deploy log https://app.netlify.com/projects/testcontainers-node/deploys/69c9c7c67bcbaf00085d9409
😎 Deploy Preview https://deploy-preview-1270--testcontainers-node.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-ff5ec6ee0d branch from 726279c to 82cce33 Compare March 23, 2026 00:45
@dependabot
Bump the actions group across 1 directory with 7 updates
f1e6e0b 
Bumps the actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5` | `6` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.5` | `47.0.5` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |
| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `6` | `7` |
| [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) | `4` | `5` |
| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `8.0.0` |



Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v5...v6)

Updates `tj-actions/changed-files` from 46.0.5 to 47.0.5
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@ed68ef8...22103cc)

Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

Updates `release-drafter/release-drafter` from 6 to 7
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@v6...v7)

Updates `peter-evans/slash-command-dispatch` from 4 to 5
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](peter-evans/slash-command-dispatch@v4...v5)

Updates `actions/github-script` from 7.0.1 to 8.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7.0.1...v8.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: tj-actions/changed-files
  dependency-version: 47.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: release-drafter/release-drafter
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: peter-evans/slash-command-dispatch
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-ff5ec6ee0d branch from 82cce33 to f1e6e0b Compare March 30, 2026 00:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code major An incompatible API change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants