Skip to content

ci: bump the github-actions group across 1 directory with 41 updates#792

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-1db2a3877f
Open

ci: bump the github-actions group across 1 directory with 41 updates#792
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-1db2a3877f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown

Bumps the github-actions group with 41 updates in the / directory:

Package From To
step-security/harden-runner 2.12.2 2.19.4
actions/checkout 4.2.2 7.0.0
dorny/paths-filter 3.0.2 4.0.1
actions/cache 4.2.3 6.1.0
crate-ci/typos 1.34.0 1.47.2
azure/setup-helm 4.3.0 5.0.1
actions/upload-artifact 4.6.2 7.0.1
chromaui/action 13.1.2 17.7.2
maxim-lobanov/setup-xcode 1.6.0 1.7.0
docker/login-action 3.4.0 4.2.0
actions/setup-java 4.7.1 5.4.0
google-github-actions/auth 2.1.10 3.0.0
google-github-actions/setup-gcloud 2.1.4 3.0.1
actions/download-artifact 4.3.0 8.0.1
actions/attest 2.4.0 4.1.1
fluxcd/flux2/action 2.6.3 2.8.8
google-github-actions/get-gke-credentials 2.3.3 3.0.0
superfly/flyctl-actions/setup-flyctl 1.5 1.6
actions/github-script 7.0.1 9.0.0
dependabot/fetch-metadata 2.4.0 3.1.0
depot/setup-action 1.6.0 1.7.1
depot/build-push-action 1.15.0 1.18.0
tj-actions/changed-files cf79a64fed8a943fb1073260883d08fe0dfb4e56 934b2d2c7e653bb8c968afed5a0428617f09aa24
nixbuild/nix-quick-install-action 32 35
nix-community/cache-nix-action 6.1.3 7.0.2
tj-actions/branch-names 8.2.1 9.0.2
docker/setup-buildx-action 3.11.1 4.1.0
toshimaru/auto-author-assign 2.1.1 3.0.3
peter-evans/find-comment 3.1.0 4.0.0
peter-evans/create-or-update-comment 4.0.0 5.0.0
benc-uk/workflow-dispatch 1.2.4 1.3.2
peter-evans/repository-dispatch 3.0.0 4.0.1
ossf/scorecard-action 2.4.2 2.4.3
github/codeql-action/upload-sarif 3.29.2 4.36.2
github/codeql-action/init 3.29.2 4.36.2
github/codeql-action/analyze 3.29.2 4.36.2
aquasecurity/trivy-action 0.32.0 0.36.0
actions/stale 9.1.0 10.3.0
Mattraks/delete-workflow-runs 2.0.6 2.1.0
coder/start-workspace-action 35a4608cefc7e8cc56573cae7c3b85304575cb72 f97a681b4cc7985c9eef9963750c7cc6ebc93a19
umbrelladocs/action-linkspector 1.3.6 1.5.4

Updates step-security/harden-runner from 2.12.2 to 2.19.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

  • Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

  • Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

What's Changed

What the fix changes

  • Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

  • Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).
  • Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

  • Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.
  • System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

... (truncated)

Commits
  • 9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
  • 485dce8 Update agent to v1.8.6
  • ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
  • ec41b78 Default to audit mode when api-key missing with use-policy-store
  • 9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
  • 1dee3df Update agent to v1.8.5
  • a5ad31d Merge pull request #657 from devantler/fix/ubuntu-slim-user-env
  • 6e92856 build dist and trim ubuntu-slim message
  • 4e0504e Merge branch 'main' into fix/ubuntu-slim-user-env
  • 8d3c67d Release v2.19.0 (#661)
  • Additional commits viewable in compare view

Updates actions/checkout from 4.2.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates dorny/paths-filter from 3.0.2 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.1

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v4.0.0...v4.0.1

v4.0.0

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3...v3.0.3

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.1

v2.11.0

v2.10.2

v2.10.1

v2.10.0

v2.9.3

v2.9.2

v2.9.1

v2.9.0

... (truncated)

Commits
  • fbd0ab8 feat: add merge_group event support
  • efb1da7 feat: add dist/ freshness check to PR workflow
  • d8f7b06 Merge pull request #302 from dorny/issue-299
  • addbc14 Update README for v4
  • 9d7afb8 Update CHANGELOG for v4.0.0
  • 782470c Merge branch 'releases/v3'
  • d1c1ffe Update CHANGELOG for v3.0.3
  • ce10459 Merge pull request #294 from saschabratton/master
  • 5f40380 feat: update action runtime to node24
  • 668c092 Merge pull request #279 from wardpeet/patch-1
  • Additional commits viewable in compare view

Updates actions/cache from 4.2.3 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates crate-ci/typos from 1.34.0 to 1.47.2

Release notes

Sourced from crate-ci/typos's releases.

v1.47.2

[1.47.2] - 2026-06-04

Fixes

  • Don't correct inferrable
  • Correct unused inferible variant

v1.47.1

[1.47.1] - 2026-06-03

Fixes

  • Don't correct requestors

v1.47.0

[1.47.0] - 2026-05-29

Features

  • Updated the dictionary with the May 2026 changes

v1.46.3

[1.46.3] - 2026-05-23

Fixes

  • Don't correct to sequentials
  • Don't correct to subdolder

v1.46.2

[1.46.2] - 2026-05-16

Fixes

  • Don't correct to criterias
  • Don't correct to replaceables

v1.46.1

[1.46.1] - 2026-05-08

Fixes

  • Don't correct to confidentials

v1.46.0

[1.46.0] - 2026-04-30

Features

... (truncated)

Changelog

Sourced from crate-ci/typos's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased] - ReleaseDate

[1.47.2] - 2026-06-04

Fixes

  • Don't correct inferrable
  • Correct unused inferible variant

[1.47.1] - 2026-06-03

Fixes

  • Don't correct requestors

[1.47.0] - 2026-05-29

Features

  • Updated the dictionary with the May 2026 changes

[1.46.3] - 2026-05-23

Fixes

  • Don't correct to sequentials
  • Don't correct to subdolder

[1.46.2] - 2026-05-16

Fixes

  • Don't correct to criterias
  • Don't correct to replaceables

[1.46.1] - 2026-05-08

Fixes

  • Don't correct to confidentials

[1.46.0] - 2026-04-30

... (truncated)

Commits

Updates azure/setup-helm from 4.3.0 to 5.0.1

Release notes

Sourced from azure/setup-helm's releases.

v5.0.1

Fixed

Changed

v5.0.0

Changed

v4.3.1

Changed

... (truncated)

Changelog

Sourced from azure/setup-helm's changelog.

Change Log

[5.0.1] - 2026-06-23

Fixed

Changed

[5.0.0] - 2026-03-23

Changed

... (truncated)

Commits

Bumps the github-actions group with 41 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.12.2` | `2.19.4` |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `7.0.0` |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` |
| [actions/cache](https://github.com/actions/cache) | `4.2.3` | `6.1.0` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.34.0` | `1.47.2` |
| [azure/setup-helm](https://github.com/azure/setup-helm) | `4.3.0` | `5.0.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |
| [chromaui/action](https://github.com/chromaui/action) | `13.1.2` | `17.7.2` |
| [maxim-lobanov/setup-xcode](https://github.com/maxim-lobanov/setup-xcode) | `1.6.0` | `1.7.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.4.0` | `4.2.0` |
| [actions/setup-java](https://github.com/actions/setup-java) | `4.7.1` | `5.4.0` |
| [google-github-actions/auth](https://github.com/google-github-actions/auth) | `2.1.10` | `3.0.0` |
| [google-github-actions/setup-gcloud](https://github.com/google-github-actions/setup-gcloud) | `2.1.4` | `3.0.1` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |
| [actions/attest](https://github.com/actions/attest) | `2.4.0` | `4.1.1` |
| [fluxcd/flux2/action](https://github.com/fluxcd/flux2) | `2.6.3` | `2.8.8` |
| [google-github-actions/get-gke-credentials](https://github.com/google-github-actions/get-gke-credentials) | `2.3.3` | `3.0.0` |
| [superfly/flyctl-actions/setup-flyctl](https://github.com/superfly/flyctl-actions) | `1.5` | `1.6` |
| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` |
| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.4.0` | `3.1.0` |
| [depot/setup-action](https://github.com/depot/setup-action) | `1.6.0` | `1.7.1` |
| [depot/build-push-action](https://github.com/depot/build-push-action) | `1.15.0` | `1.18.0` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `cf79a64fed8a943fb1073260883d08fe0dfb4e56` | `934b2d2c7e653bb8c968afed5a0428617f09aa24` |
| [nixbuild/nix-quick-install-action](https://github.com/nixbuild/nix-quick-install-action) | `32` | `35` |
| [nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action) | `6.1.3` | `7.0.2` |
| [tj-actions/branch-names](https://github.com/tj-actions/branch-names) | `8.2.1` | `9.0.2` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.11.1` | `4.1.0` |
| [toshimaru/auto-author-assign](https://github.com/toshimaru/auto-author-assign) | `2.1.1` | `3.0.3` |
| [peter-evans/find-comment](https://github.com/peter-evans/find-comment) | `3.1.0` | `4.0.0` |
| [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `4.0.0` | `5.0.0` |
| [benc-uk/workflow-dispatch](https://github.com/benc-uk/workflow-dispatch) | `1.2.4` | `1.3.2` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `3.29.2` | `4.36.2` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `3.29.2` | `4.36.2` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `3.29.2` | `4.36.2` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.32.0` | `0.36.0` |
| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.3.0` |
| [Mattraks/delete-workflow-runs](https://github.com/mattraks/delete-workflow-runs) | `2.0.6` | `2.1.0` |
| [coder/start-workspace-action](https://github.com/coder/start-workspace-action) | `35a4608cefc7e8cc56573cae7c3b85304575cb72` | `f97a681b4cc7985c9eef9963750c7cc6ebc93a19` |
| [umbrelladocs/action-linkspector](https://github.com/umbrelladocs/action-linkspector) | `1.3.6` | `1.5.4` |



Updates `step-security/harden-runner` from 2.12.2 to 2.19.4
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@6c439dc...9af89fc)

Updates `actions/checkout` from 4.2.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@11bd719...9c091bb)

Updates `dorny/paths-filter` from 3.0.2 to 4.0.1
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@de90cc6...fbd0ab8)

Updates `actions/cache` from 4.2.3 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@5a3ec84...55cc834)

Updates `crate-ci/typos` from 1.34.0 to 1.47.2
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](crate-ci/typos@392b78f...37bb988)

Updates `azure/setup-helm` from 4.3.0 to 5.0.1
- [Release notes](https://github.com/azure/setup-helm/releases)
- [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md)
- [Commits](Azure/setup-helm@b9e5190...9bc31f4)

Updates `actions/upload-artifact` from 4.6.2 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@ea165f8...043fb46)

Updates `chromaui/action` from 13.1.2 to 17.7.2
- [Release notes](https://github.com/chromaui/action/releases)
- [Changelog](https://github.com/chromaui/action/blob/main/CHANGELOG.md)
- [Commits](chromaui/action@4d8ebd1...7ffa934)

Updates `maxim-lobanov/setup-xcode` from 1.6.0 to 1.7.0
- [Release notes](https://github.com/maxim-lobanov/setup-xcode/releases)
- [Commits](maxim-lobanov/setup-xcode@60606e2...ed7a3b1)

Updates `docker/login-action` from 3.4.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@74a5d14...650006c)

Updates `actions/setup-java` from 4.7.1 to 5.4.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@c5195ef...1bcf9fb)

Updates `google-github-actions/auth` from 2.1.10 to 3.0.0
- [Release notes](https://github.com/google-github-actions/auth/releases)
- [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/auth@ba79af0...7c6bc77)

Updates `google-github-actions/setup-gcloud` from 2.1.4 to 3.0.1
- [Release notes](https://github.com/google-github-actions/setup-gcloud/releases)
- [Changelog](https://github.com/google-github-actions/setup-gcloud/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/setup-gcloud@77e7a55...aa5489c)

Updates `actions/download-artifact` from 4.3.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@d3f86a1...3e5f45b)

Updates `actions/attest` from 2.4.0 to 4.1.1
- [Release notes](https://github.com/actions/attest/releases)
- [Changelog](https://github.com/actions/attest/blob/main/RELEASE.md)
- [Commits](actions/attest@ce27ba3...a1948c3)

Updates `fluxcd/flux2/action` from 2.6.3 to 2.8.8
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Commits](fluxcd/flux2@bda4c81...1fd61a0)

Updates `google-github-actions/get-gke-credentials` from 2.3.3 to 3.0.0
- [Release notes](https://github.com/google-github-actions/get-gke-credentials/releases)
- [Changelog](https://github.com/google-github-actions/get-gke-credentials/blob/main/CHANGELOG.md)
- [Commits](google-github-actions/get-gke-credentials@d0cee45...3da1e46)

Updates `superfly/flyctl-actions/setup-flyctl` from 1.5 to 1.6
- [Release notes](https://github.com/superfly/flyctl-actions/releases)
- [Commits](superfly/flyctl-actions@fc53c09...ed8efb3)

Updates `actions/github-script` from 7.0.1 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@60a0d83...3a2844b)

Updates `dependabot/fetch-metadata` from 2.4.0 to 3.1.0
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@08eff52...25dd0e3)

Updates `depot/setup-action` from 1.6.0 to 1.7.1
- [Release notes](https://github.com/depot/setup-action/releases)
- [Commits](depot/setup-action@b0b1ea4...15c09a5)

Updates `depot/build-push-action` from 1.15.0 to 1.18.0
- [Release notes](https://github.com/depot/build-push-action/releases)
- [Commits](depot/build-push-action@2583627...98e78ad)

Updates `tj-actions/changed-files` from cf79a64fed8a943fb1073260883d08fe0dfb4e56 to 934b2d2c7e653bb8c968afed5a0428617f09aa24
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@cf79a64...934b2d2)

Updates `nixbuild/nix-quick-install-action` from 32 to 35
- [Release notes](https://github.com/nixbuild/nix-quick-install-action/releases)
- [Changelog](https://github.com/nixbuild/nix-quick-install-action/blob/master/RELEASE)
- [Commits](nixbuild/nix-quick-install-action@63ca48f...9f63be7)

Updates `nix-community/cache-nix-action` from 6.1.3 to 7.0.2
- [Release notes](https://github.com/nix-community/cache-nix-action/releases)
- [Changelog](https://github.com/nix-community/cache-nix-action/blob/main/RELEASES.md)
- [Commits](nix-community/cache-nix-action@135667e...7df957e)

Updates `tj-actions/branch-names` from 8.2.1 to 9.0.2
- [Release notes](https://github.com/tj-actions/branch-names/releases)
- [Changelog](https://github.com/tj-actions/branch-names/blob/main/HISTORY.md)
- [Commits](tj-actions/branch-names@dde14ac...5250492)

Updates `docker/setup-buildx-action` from 3.11.1 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@e468171...d7f5e7f)

Updates `toshimaru/auto-author-assign` from 2.1.1 to 3.0.3
- [Release notes](https://github.com/toshimaru/auto-author-assign/releases)
- [Changelog](https://github.com/toshimaru/auto-author-assign/blob/main/CHANGELOG.md)
- [Commits](toshimaru/auto-author-assign@16f0022...3e19bfc)

Updates `peter-evans/find-comment` from 3.1.0 to 4.0.0
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](peter-evans/find-comment@3eae4d3...b30e6a3)

Updates `peter-evans/create-or-update-comment` from 4.0.0 to 5.0.0
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](peter-evans/create-or-update-comment@71345be...e8674b0)

Updates `benc-uk/workflow-dispatch` from 1.2.4 to 1.3.2
- [Release notes](https://github.com/benc-uk/workflow-dispatch/releases)
- [Commits](benc-uk/workflow-dispatch@e2e5e9a...31e2b33)

Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.1
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](peter-evans/repository-dispatch@ff45666...28959ce)

Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@05b42c6...4eaacf0)

Updates `github/codeql-action/upload-sarif` from 3.29.2 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@181d5ee...8aad20d)

Updates `github/codeql-action/init` from 3.29.2 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@181d5ee...8aad20d)

Updates `github/codeql-action/analyze` from 3.29.2 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@181d5ee...8aad20d)

Updates `aquasecurity/trivy-action` from 0.32.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@dc5a429...ed142fd)

Updates `actions/stale` from 9.1.0 to 10.3.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5bef64f...eb5cf3a)

Updates `Mattraks/delete-workflow-runs` from 2.0.6 to 2.1.0
- [Release notes](https://github.com/mattraks/delete-workflow-runs/releases)
- [Commits](Mattraks/delete-workflow-runs@39f0bbe...b301838)

Updates `coder/start-workspace-action` from 35a4608cefc7e8cc56573cae7c3b85304575cb72 to f97a681b4cc7985c9eef9963750c7cc6ebc93a19
- [Release notes](https://github.com/coder/start-workspace-action/releases)
- [Commits](coder/start-workspace-action@35a4608...f97a681)

Updates `umbrelladocs/action-linkspector` from 1.3.6 to 1.5.4
- [Release notes](https://github.com/umbrelladocs/action-linkspector/releases)
- [Commits](UmbrellaDocs/action-linkspector@3a951c1...6c637d7)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.19.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: crate-ci/typos
  dependency-version: 1.47.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: azure/setup-helm
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: chromaui/action
  dependency-version: 17.7.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: maxim-lobanov/setup-xcode
  dependency-version: 1.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-java
  dependency-version: 5.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: google-github-actions/auth
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: google-github-actions/setup-gcloud
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/attest
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: fluxcd/flux2/action
  dependency-version: 2.8.8
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: google-github-actions/get-gke-credentials
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: superfly/flyctl-actions/setup-flyctl
  dependency-version: '1.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: dependabot/fetch-metadata
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: depot/setup-action
  dependency-version: 1.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: depot/build-push-action
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: tj-actions/changed-files
  dependency-version: 934b2d2c7e653bb8c968afed5a0428617f09aa24
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: nixbuild/nix-quick-install-action
  dependency-version: '35'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: nix-community/cache-nix-action
  dependency-version: 7.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: tj-actions/branch-names
  dependency-version: 9.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: toshimaru/auto-author-assign
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/find-comment
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/create-or-update-comment
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: benc-uk/workflow-dispatch
  dependency-version: 1.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: peter-evans/repository-dispatch
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: Mattraks/delete-workflow-runs
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: coder/start-workspace-action
  dependency-version: f97a681b4cc7985c9eef9963750c7cc6ebc93a19
  dependency-type: direct:production
  dependency-group: github-actions
- dependency-name: umbrelladocs/action-linkspector
  dependency-version: 1.5.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 29, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 29, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
codeserver 20e6f9a Jun 29 2026, 05:14 AM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants