chore(deps): update github actions major (major) by renovate[bot] · Pull Request #151 · uselagoon/lagoon-service-images

renovate · 2025-08-29T01:59:05Z

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Type	Update	Change
actions/attest-build-provenance	action	major	`v2.4.0` -> `v3.0.0`
actions/github-script	action	major	`v7.0.1` -> `v8.0.0`
actions/setup-python	action	major	`v5.6.0` -> `v6.0.0`
tj-actions/changed-files	action	major	`v46.0.5` -> `v47.0.0`

Release Notes

actions/attest-build-provenance (actions/attest-build-provenance)

`v3.0.0`

Compare Source

What's Changed

Adjust node max-http-header-size setting by @bdehamer in #687
Bump actions/attest from v2.4.0 to v3.0.0 by @bdehamer in #691
- Bump to node24 runtime
- Improved checksum parsing
Bump attest-build-provenance/predicate to v2.0.0 by @bdehamer in #693
- Bump to node24 runtime by @bdehamer in #692

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/attest-build-provenance@v2.4.0...v3.0.0

actions/github-script (actions/github-script)

`v8.0.0`

Compare Source

`v7.1.0`

Compare Source

What's Changed

Upgrade husky to v9 by @benelan in #482
Add workflow file for publishing releases to immutable action package by @Jcambass in #485
Upgrade IA Publish by @Jcambass in #486
Fix workflow status badges by @joshmgross in #497
Update usage of actions/upload-artifact by @joshmgross in #512
Clear up package name confusion by @joshmgross in #514
Update dependencies with npm audit fix by @joshmgross in #515
Specify that the used script is JavaScript by @timotk in #478
chore: Add Dependabot for NPM and Actions by @nschonni in #472
Define permissions in workflows and update actions by @joshmgross in #531
chore: Add Dependabot for .github/actions/install-dependencies by @nschonni in #532
chore: Remove .vscode settings by @nschonni in #533
ci: Use github/setup-licensed by @nschonni in #473
make octokit instance available as octokit on top of github, to make it easier to seamlessly copy examples from GitHub rest api or octokit documentations by @iamstarkov in #508
Remove octokit README updates for v7 by @joshmgross in #557
docs: add "exec" usage examples by @neilime in #546
Bump ruby/setup-ruby from 1.213.0 to 1.222.0 by @dependabot[bot] in #563
Bump ruby/setup-ruby from 1.222.0 to 1.229.0 by @dependabot[bot] in #575
Clearly document passing inputs to the script by @joshmgross in #603
Update README.md by @nebuk89 in #610

New Contributors

@benelan made their first contribution in #482
@Jcambass made their first contribution in #485
@timotk made their first contribution in #478
@iamstarkov made their first contribution in #508
@neilime made their first contribution in #546
@nebuk89 made their first contribution in #610

Full Changelog: actions/github-script@v7...v7.1.0

actions/setup-python (actions/setup-python)

`v6.0.0`

Compare Source

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in #1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in #1129
Enhance reading from .python-version by @krystof-k in #787
Add version parsing from Pipfile by @aradkdj in #1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in #1183
Change missing cache directory error to warning by @aparnajyothi-y in #1182
Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in #1122
Include python version in PyPy python-version output by @cdce8p in #1110
Update docs: clarification on pip authentication with setup-python by @priya-kinthali in #1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in #843
Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in #1163
Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in #1165
Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in #1181
Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in #1095

New Contributors

@krystof-k made their first contribution in #787
@cdce8p made their first contribution in #1110
@aradkdj made their first contribution in #1067

Full Changelog: actions/setup-python@v5...v6.0.0

tj-actions/changed-files (tj-actions/changed-files)

`v47.0.0`

Compare Source

What's Changed

Upgraded to v46.0.5 by @github-actions[bot] in #2531
chore(deps-dev): bump eslint-config-prettier from 10.1.1 to 10.1.2 by @dependabot[bot] in #2532
chore(deps): bump tj-actions/branch-names from 8.1.0 to 8.2.1 by @dependabot[bot] in #2535
remove: commit and push step from build job by @jackton1 in #2538
chore(deps-dev): bump @types/node from 22.14.0 to 22.14.1 by @dependabot[bot] in #2537
chore(deps-dev): bump ts-jest from 29.3.1 to 29.3.2 by @dependabot[bot] in #2536
chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @dependabot[bot] in #2539
chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot[bot] in #2542
chore(deps-dev): bump @types/node from 22.14.1 to 22.15.0 by @dependabot[bot] in #2544
chore(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @dependabot[bot] in #2545
chore(deps-dev): bump @types/node from 22.15.0 to 22.15.3 by @dependabot[bot] in #2548
chore(deps-dev): bump eslint-plugin-prettier from 5.2.6 to 5.4.0 by @dependabot[bot] in #2553
chore(deps-dev): bump @types/node from 22.15.3 to 22.15.10 by @dependabot[bot] in #2552
chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot[bot] in #2551
chore(deps-dev): bump eslint-config-prettier from 10.1.2 to 10.1.5 by @dependabot[bot] in #2558
chore(deps-dev): bump @types/node from 22.15.14 to 22.15.17 by @dependabot[bot] in #2557
chore(deps): bump @actions/github from 6.0.0 to 6.0.1 by @dependabot[bot] in #2556
chore(deps-dev): bump @types/lodash from 4.17.16 to 4.17.17 by @dependabot[bot] in #2565
chore(deps): bump yaml from 2.7.1 to 2.8.0 by @dependabot[bot] in #2561
chore(deps-dev): bump ts-jest from 29.3.2 to 29.3.4 by @dependabot[bot] in #2563
chore(deps-dev): bump @types/node from 22.15.17 to 22.15.21 by @dependabot[bot] in #2566
chore(deps): bump @octokit/rest from 21.1.1 to 22.0.0 by @dependabot[bot] in #2568
chore(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in #2564
chore: update build job to fail when there are uncommited changes by @jackton1 in #2571
chore(deps-dev): bump @types/node from 22.15.21 to 22.15.24 by @dependabot[bot] in #2572
docs: add Jellyfrog as a contributor for code, and doc by @allcontributors[bot] in #2573
Updated README.md by @github-actions[bot] in #2574
chore(deps-dev): bump @types/node from 22.15.24 to 22.15.26 by @dependabot[bot] in #2576
chore(deps-dev): bump eslint-plugin-jest from 28.11.0 to 28.12.0 by @dependabot[bot] in #2575
chore(deps-dev): bump eslint-plugin-jest from 28.12.0 to 28.13.0 by @dependabot[bot] in #2583
chore(deps-dev): bump ts-jest from 29.3.4 to 29.4.0 by @dependabot[bot] in #2589
docs: update link to glob patterns by @jackton1 in #2590
Updated README.md by @github-actions[bot] in #2591
feat: add any_added to outputs by @Jellyfrog in #2567
chore(deps): bump github/codeql-action from 3.28.18 to 3.29.0 by @dependabot[bot] in #2588
Updated README.md by @github-actions[bot] in #2592
chore(deps-dev): bump eslint-plugin-jest from 28.13.0 to 28.13.3 by @dependabot[bot] in #2585
chore(deps-dev): bump eslint-plugin-prettier from 5.4.0 to 5.4.1 by @dependabot[bot] in #2578
chore(deps-dev): bump @types/node from 22.15.26 to 24.0.1 by @dependabot[bot] in #2587
chore(deps-dev): bump eslint-plugin-jest from 28.13.5 to 29.0.1 by @dependabot[bot] in #2600
chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 by @dependabot[bot] in #2610
chore(deps-dev): bump @types/node from 24.0.1 to 24.0.7 by @dependabot[bot] in #2609
chore(deps): bump github/codeql-action from 3.29.0 to 3.29.1 by @dependabot[bot] in #2608
chore(deps-dev): bump @types/lodash from 4.17.17 to 4.17.19 by @dependabot[bot] in #2605
chore(deps-dev): bump jest and @types/jest by @dependabot[bot] in #2604
chore(deps-dev): bump eslint-plugin-prettier from 5.4.1 to 5.5.1 by @dependabot[bot] in #2607
chore(deps-dev): bump jest from 30.0.3 to 30.0.4 by @dependabot[bot] in #2615
chore(deps-dev): bump @types/node from 24.0.7 to 24.0.10 by @dependabot[bot] in #2614
chore(deps): bump github/codeql-action from 3.29.1 to 3.29.2 by @dependabot[bot] in #2612
chore(deps-dev): bump @types/node from 24.0.10 to 24.0.12 by @dependabot[bot] in #2616
chore(deps-dev): bump @types/lodash from 4.17.19 to 4.17.20 by @dependabot[bot] in #2613
chore(deps-dev): bump @types/node from 24.0.12 to 24.0.13 by @dependabot[bot] in #2617
chore(deps-dev): bump eslint-config-prettier from 10.1.5 to 10.1.8 by @dependabot[bot] in #2624
chore(deps-dev): bump @types/node from 24.0.13 to 24.0.15 by @dependabot[bot] in #2623
chore(deps-dev): bump eslint-plugin-prettier from 5.5.1 to 5.5.3 by @dependabot[bot] in #2622
chore(deps): bump codacy/codacy-analysis-cli-action from 4.4.5 to 4.4.7 by @dependabot[bot] in #2620
chore(deps): bump github/codeql-action from 3.29.2 to 3.29.3 by @dependabot[bot] in #2625
chore(deps): bump nrwl/nx-set-shas from 4.3.0 to 4.3.3 by @dependabot[bot] in #2630
chore(deps): bump github/codeql-action from 3.29.3 to 3.29.4 by @dependabot[bot] in #2628
chore(deps-dev): bump jest from 30.0.4 to 30.0.5 by @dependabot[bot] in #2627
chore(deps-dev): bump @types/node from 24.0.15 to 24.1.0 by @dependabot[bot] in #2626
chore(deps): bump tj-actions/branch-names from 8.2.1 to 9.0.1 by @dependabot[bot] in #2633
chore(deps): bump tj-actions/git-cliff from 1.5.0 to 2.0.2 by @dependabot[bot] in #2632
chore(deps): bump github/codeql-action from 3.29.4 to 3.29.5 by @dependabot[bot] in #2635
chore(deps): bump tj-actions/branch-names from 9.0.1 to 9.0.2 by @dependabot[bot] in #2636
test: manual triggered workflows by @jackton1 in #2637
chore(deps-dev): bump ts-jest from 29.4.0 to 29.4.1 by @dependabot[bot] in #2639
chore(deps): bump tj-actions/eslint-changed-files from 25.3.1 to 25.3.2 by @dependabot[bot] in #2638
chore(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 by @dependabot[bot] in #2643
chore(deps): bump yaml from 2.8.0 to 2.8.1 by @dependabot[bot] in #2642
chore(deps): bump actions/download-artifact from 4.3.0 to 5.0.0 by @dependabot[bot] in #2641
chore(deps-dev): bump @types/node from 24.1.0 to 24.2.0 by @dependabot[bot] in #2640
chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in #2646
chore(deps-dev): bump @types/node from 24.2.0 to 24.2.1 by @dependabot[bot] in #2645
chore(deps): bump github/codeql-action from 3.29.7 to 3.29.8 by @dependabot[bot] in #2644
chore(deps): bump github/codeql-action from 3.29.8 to 3.29.9 by @dependabot[bot] in #2647
chore(deps): bump tj-actions/git-cliff from 2.0.2 to 2.1.0 by @dependabot[bot] in #2648
chore(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @dependabot[bot] in #2651
chore(deps-dev): bump @types/node from 24.2.1 to 24.3.0 by @dependabot[bot] in #2649
chore(deps-dev): bump @types/node from 24.3.0 to 24.3.1 by @dependabot[bot] in #2657
chore(deps): bump actions/setup-node from 4.4.0 to 5.0.0 by @dependabot[bot] in #2656
chore(deps): bump github/codeql-action from 3.29.11 to 3.30.2 by @dependabot[bot] in #2659
chore(deps): bump github/codeql-action from 3.30.2 to 3.30.3 by @dependabot[bot] in #2661
chore(deps): bump tj-actions/git-cliff from 2.1.0 to 2.2.0 by @dependabot[bot] in #2660
chore(deps-dev): bump jest from 30.0.5 to 30.1.3 by @dependabot[bot] in #2655
upgrade: to node24 by @jackton1 in #2662

New Contributors

@Jellyfrog made their first contribution in #2567

Full Changelog: tj-actions/changed-files@v46...v47.0.0

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2025-08-29T01:59:19Z

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

actions/actions/attest-build-provenance