Skip to content

ci: Bump the github-actions group across 1 directory with 6 updates#12

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-06908ba4f2
Open

ci: Bump the github-actions group across 1 directory with 6 updates#12
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-06908ba4f2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 9, 2026

Bumps the github-actions group with 6 updates in the / directory:

Package From To
actions/checkout 4.2.2 6.0.2
astral-sh/setup-uv 5 7
actions/setup-node 4 6
actions/upload-artifact 4.4.3 6.0.0
nick-fields/retry 3.0.0 3.0.2
trufflesecurity/trufflehog a450544f0b7c12e99bd78b4f02fe67d5c5e56711 4158734f234bd8770128deae2e2975cfab4b66a6

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates astral-sh/setup-uv from 5 to 7

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.2.1 🌈 update known checksums up to 0.9.28

Changes

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

  • The action now respects when the environment variable UV_CACHE_DIR is already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.
  • Some users encountered problems that cache pruning took forever because they had some uv processes running in the background. Starting with uv version 0.8.24 this action uses uv cache prune --ci --force to ignore the running processes
  • If you just want to install uv but not have it available in path, this action now respects UV_NO_MODIFY_PATH
  • Some other actions also set the env var UV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.

Improvements

If you are using minimum version specifiers for the version of uv to install for example

[tool.uv]
required-version = ">=0.8.17"

This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.

If you are using other specifiers like 0.8.x this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.

🚨 Breaking changes

... (truncated)

Commits
  • eac588a Bump typesafegithub/github-actions-typing from 2.2.1 to 2.2.2 (#753)
  • a97c6cb Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#751)
  • 02182fa fix: warn instead of error when no python to cache (#762)
  • a3b3eae chore: update known checksums for 0.10.0 (#759)
  • 78cebec fix: use --clear to create venv (#761)
  • b6b8e2c refactor: tilde-expansion tests as unittests and no self-hosted tests (#760)
  • e31bec8 chore: update known checksums for 0.9.30 (#756)
  • db2b65e Bump actions/checkout from 6.0.1 to 6.0.2 (#740)
  • 3511ff7 feat: add venv-path input for activate-environment (#746)
  • 99b0f04 Fix punctuation (#747)
  • Additional commits viewable in compare view

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Updates actions/upload-artifact from 4.4.3 to 6.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

New Contributors

Full Changelog: actions/upload-artifact@v4...v5.0.0

v4.6.2

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

... (truncated)

Commits
  • b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
  • e516bc8 docs: correct description of Node.js 24 support in README
  • ddc45ed docs: update README to correct action name for Node.js 24 support
  • 615b319 chore: release v6.0.0 for Node.js 24 support
  • 017748b Merge pull request #744 from actions/fix-storage-blob
  • 38d4c79 chore: rebuild dist
  • 7d27270 chore: add missing license cache files for @​actions/core, @​actions/io, and mi...
  • 5f643d3 chore: update license files for @​actions/artifact@​5.0.1 dependencies
  • 1df1684 chore: update package-lock.json with @​actions/artifact@​5.0.1
  • b5b1a91 fix: update @​actions/artifact to ^5.0.0 for Node.js 24 punycode fix
  • Additional commits viewable in compare view

Updates nick-fields/retry from 3.0.0 to 3.0.2

Release notes

Sourced from nick-fields/retry's releases.

v3.0.2

3.0.2 (2025-02-25)

Fixed an issue with the automated release that prevented #146 from being properly released

What's Changed

Full Changelog: nick-fields/retry@v...v3.0.2

v3.0.1

What's Changed

New Contributors

Full Changelog: nick-fields/retry@v...v3.0.1

Commits
  • ce71cc2 Merge pull request #150 from nick-fields/nrf/bump-sem-rels
  • b3eed5a patch: bump semantic-release packages
  • 41b1e1a Bump action versions, fix tag step in release, regen js (#149)
  • 3610882 refactor: update actions from nick-invision to nick-fields (#147)
  • c97818c fix: group log lines for each attempt (#146)
  • dfb235a Fix local action reference (#140)
  • 3f75758 docs: update README.md with new version (#130)
  • See full diff in compare view

Updates trufflesecurity/trufflehog from a450544f0b7c12e99bd78b4f02fe67d5c5e56711 to 4158734f234bd8770128deae2e2975cfab4b66a6

Commits
  • 4158734 [INS-285] Fix custom detectors line number reporting to match the full regex ...
  • e9734c1 Fix pre-receive hook hangs and missing logs by flushing logs on signal and us...
  • 7635b24 Allow logging of caller info (#4731)
  • b78fbfd Enhance security reporting guidelines in SECURITY.md (#4725)
  • 7f4e37d [INS-228] Add ignorePattern configuration support to Postgres and Sqlserver d...
  • daf5bf1 [INS-280] Fix Github "repostories" filter does not respect GHES endpoint (#4677)
  • 4d4080b remove tracker type (#4723)
  • ddb9583 Added Analysis info to tableau detector (#4717)
  • ef3bf34 [INS-307] Added unspecified(0.0.0.0) check to DetectorHttpClientWithNoLocalAd...
  • f70218b [INS-249] Updated Gitlab client from v0.129.0 to v1.12.0(latest) (#4655)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci: Bump the github-actions group across 1 directory with 6 updates
b54af93 
Bumps the github-actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `5` | `7` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.4.3` | `6.0.0` |
| [nick-fields/retry](https://github.com/nick-fields/retry) | `3.0.0` | `3.0.2` |
| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `a450544f0b7c12e99bd78b4f02fe67d5c5e56711` | `4158734f234bd8770128deae2e2975cfab4b66a6` |



Updates `actions/checkout` from 4.2.2 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@11bd719...de0fac2)

Updates `astral-sh/setup-uv` from 5 to 7
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v5...v7)

Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

Updates `actions/upload-artifact` from 4.4.3 to 6.0.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b4b15b8...b7c566a)

Updates `nick-fields/retry` from 3.0.0 to 3.0.2
- [Release notes](https://github.com/nick-fields/retry/releases)
- [Commits](nick-fields/retry@7152eba...ce71cc2)

Updates `trufflesecurity/trufflehog` from a450544f0b7c12e99bd78b4f02fe67d5c5e56711 to 4158734f234bd8770128deae2e2975cfab4b66a6
- [Release notes](https://github.com/trufflesecurity/trufflehog/releases)
- [Commits](trufflesecurity/trufflehog@a450544...4158734)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: astral-sh/setup-uv
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: nick-fields/retry
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: trufflesecurity/trufflehog
  dependency-version: 4158734f234bd8770128deae2e2975cfab4b66a6
  dependency-type: direct:production
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 9, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 9, 2026

Labels

The following labels could not be found: github-actions. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@codecov
Copy link

codecov bot commented Feb 9, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 0.44%. Comparing base (af70d51) to head (b54af93).

Additional details and impacted files 
@@          Coverage Diff          @@
##            main     #12   +/-   ##
=====================================
  Coverage   0.44%   0.44%           
=====================================
  Files          2       2           
  Lines        226     226           
  Branches      54      54           
=====================================
  Hits           1       1           
  Misses       225     225

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants