Bump the github-actions group with 6 updates #520

dependabot · 2025-03-01T08:06:18Z

Bumps the github-actions group with 6 updates:

Package	From	To
actions/download-artifact	`4.1.8`	`4.1.9`
actions/upload-artifact	`4.6.0`	`4.6.1`
codecov/codecov-action	`5.3.1`	`5.4.0`
github/codeql-action	`3.28.8`	`3.28.10`
peter-evans/create-pull-request	`7.0.6`	`7.0.7`
ncipollo/release-action	`1.15.0`	`1.16.0`

Updates actions/download-artifact from 4.1.8 to 4.1.9

Release notes

Sourced from actions/download-artifact's releases.

v4.1.9

What's Changed

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/download-artifact#354

docs: small migration fix by @froblesmartin in actions/download-artifact#370

Update MIGRATION.md by @andyfeller in actions/download-artifact#372

Update artifact package to 2.2.2 by @yacaovsnc in actions/download-artifact#380

New Contributors

@Jcambass made their first contribution in actions/download-artifact#354

@froblesmartin made their first contribution in actions/download-artifact#370

@andyfeller made their first contribution in actions/download-artifact#372

@yacaovsnc made their first contribution in actions/download-artifact#380

Full Changelog: actions/download-artifact@v4...v4.1.9

Commits

cc20338 Merge pull request #380 from actions/yacaovsnc/release_4_1_9
1fc0fee Update artifact package to 2.2.2
7fba951 Merge pull request #372 from andyfeller/patch-1
f9ceb77 Update MIGRATION.md
533298b Merge pull request #370 from froblesmartin/patch-1
d06289e docs: small migration fix
d0ce8fd Merge pull request #354 from actions/Jcambass-patch-1
1ce0d91 Add workflow file for publishing releases to immutable action package
See full diff in compare view

Updates actions/upload-artifact from 4.6.0 to 4.6.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.1

What's Changed

Update to use artifact 2.2.2 package by @yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

Commits

4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
e9fad96 license cache update for artifact
b26fd06 Update to use artifact 2.2.2 package
See full diff in compare view

Updates codecov/codecov-action from 5.3.1 to 5.4.0

Release notes

Sourced from codecov/codecov-action's releases.

v5.4.0

What's Changed

build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @dependabot in codecov/codecov-action#1753

build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @dependabot in codecov/codecov-action#1757

Fix a typo in the example by @miranska in codecov/codecov-action#1758

build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @dependabot in codecov/codecov-action#1765

Fix description for report_type input by @craigscott-crascit in codecov/codecov-action#1770

Fix use of safe.directory inside containers by @Flamefire in codecov/codecov-action#1768

Clarify in README that use_pypi bypasses integrity checks too by @webknjaz in codecov/codecov-action#1773

build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @dependabot in codecov/codecov-action#1777

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @dependabot in codecov/codecov-action#1776

build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @dependabot in codecov/codecov-action#1775

update wrapper submodule to 0.2.0, add recurse_submodules arg by @matt-codecov in codecov/codecov-action#1780

chore(release): 5.4.0 by @thomasrockhu-codecov in codecov/codecov-action#1781

New Contributors

@miranska made their first contribution in codecov/codecov-action#1758

@craigscott-crascit made their first contribution in codecov/codecov-action#1770

@Flamefire made their first contribution in codecov/codecov-action#1768

@matt-codecov made their first contribution in codecov/codecov-action#1780

Full Changelog: codecov/codecov-action@v5.3.1...v5.4.0

Changelog

Sourced from codecov/codecov-action's changelog.

v5.4.0

What's Changed

update wrapper submodule to 0.2.0, add recurse_submodules arg by @matt-codecov in codecov/codecov-action#1780

build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by @app/dependabot in codecov/codecov-action#1775

build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by @app/dependabot in codecov/codecov-action#1776

build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by @app/dependabot in codecov/codecov-action#1777

Clarify in README that use_pypi bypasses integrity checks too by @webknjaz in codecov/codecov-action#1773

Fix use of safe.directory inside containers by @Flamefire in codecov/codecov-action#1768

Fix description for report_type input by @craigscott-crascit in codecov/codecov-action#1770

build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by @app/dependabot in codecov/codecov-action#1765

Fix a typo in the example by @miranska in codecov/codecov-action#1758

build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by @app/dependabot in codecov/codecov-action#1757

build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by @app/dependabot in codecov/codecov-action#1753

Full Changelog: /~https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0

Commits

0565863 chore(release): 5.4.0 (#1781)
c545d7b update wrapper submodule to 0.2.0, add recurse_submodules arg (#1780)
2488e99 build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 (#1775)
a46c158 build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 (#1776)
062ee7e build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 (#1777)
1fecca8 Clarify in README that use_pypi bypasses integrity checks too (#1773)
2e6e9c5 Fix use of safe.directory inside containers (#1768)
a5dc5a5 Fix description for report_type input (#1770)
4898080 build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 (#1765)
5efa07b Fix a typo in the example (#1758)
Additional commits viewable in compare view

Updates github/codeql-action from 3.28.8 to 3.28.10

Release notes

Sourced from github/codeql-action's releases.

v3.28.10

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

See the full CHANGELOG.md for more information.

v3.28.9

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

See the full CHANGELOG.md for more information.

Changelog

Sourced from github/codeql-action's changelog.

3.28.10 - 21 Feb 2025

Update default CodeQL bundle version to 2.20.5. #2772

Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. #2768

3.28.9 - 07 Feb 2025

Update default CodeQL bundle version to 2.20.4. #2753

Commits

b56ba49 Merge pull request #2778 from github/update-v3.28.10-9856c48b1
60c9c77 Update changelog for v3.28.10
9856c48 Merge pull request #2773 from github/redsun82/rust
9572e09 Rust: fix log string
1a52936 Rust: special case default setup
cf7e909 Merge pull request #2772 from github/update-bundle/codeql-bundle-v2.20.5
b7006aa Merge branch 'main' into update-bundle/codeql-bundle-v2.20.5
cfedae7 Rust: throw configuration errors if requested and not correctly enabled
3971ed2 Merge branch 'main' into redsun82/rust
d38c6e6 Merge pull request #2775 from github/angelapwen/bump-octokit
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.6 to 7.0.7

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.7

⚙️ Fixes an issue with commit signing where modifications to the same file in multiple commits squash into the first commit.

What's Changed

build(deps): bump @octokit/core from 6.1.2 to 6.1.3 by @dependabot in peter-evans/create-pull-request#3593

build(deps-dev): bump @types/node from 18.19.68 to 18.19.70 by @dependabot in peter-evans/create-pull-request#3594

Update distribution by @actions-bot in peter-evans/create-pull-request#3603

build(deps-dev): bump typescript from 5.7.2 to 5.7.3 by @dependabot in peter-evans/create-pull-request#3610

build(deps): bump octokit dependencies by @peter-evans in peter-evans/create-pull-request#3618

docs: add workflow tip for showing message via workflow command by @ybiquitous in peter-evans/create-pull-request#3626

build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by @dependabot in peter-evans/create-pull-request#3628

build(deps): bump node-fetch-native from 1.6.4 to 1.6.6 by @dependabot in peter-evans/create-pull-request#3627

build(deps-dev): bump undici from 6.21.0 to 6.21.1 by @dependabot in peter-evans/create-pull-request#3630

build(deps-dev): bump @types/node from 18.19.70 to 18.19.71 by @dependabot in peter-evans/create-pull-request#3629

Update distribution by @actions-bot in peter-evans/create-pull-request#3647

build(deps-dev): bump @types/node from 18.19.71 to 18.19.74 by @dependabot in peter-evans/create-pull-request#3657

build(deps-dev): bump @types/node from 18.19.74 to 18.19.75 by @dependabot in peter-evans/create-pull-request#3663

build(deps): bump @octokit/plugin-rest-endpoint-methods from 13.3.0 to 13.3.1 by @dependabot in peter-evans/create-pull-request#3670

build(deps-dev): bump prettier from 3.4.2 to 3.5.0 by @dependabot in peter-evans/create-pull-request#3671

Update distribution by @actions-bot in peter-evans/create-pull-request#3680

build(deps): bump @octokit/request-error from 6.1.6 to 6.1.7 by @dependabot in peter-evans/create-pull-request#3685

build(deps): bump @octokit/plugin-paginate-rest from 11.4.0 to 11.4.1 by @dependabot in peter-evans/create-pull-request#3688

build(deps): bump @octokit/endpoint from 10.1.2 to 10.1.3 by @dependabot in peter-evans/create-pull-request#3700

Update distribution by @actions-bot in peter-evans/create-pull-request#3691

build(deps-dev): bump prettier from 3.5.0 to 3.5.1 by @dependabot in peter-evans/create-pull-request#3709

build(deps-dev): bump eslint-import-resolver-typescript from 3.7.0 to 3.8.1 by @dependabot in peter-evans/create-pull-request#3710

build(deps): bump @octokit/plugin-paginate-rest from 11.4.1 to 11.4.2 by @dependabot in peter-evans/create-pull-request#3713

build(deps-dev): bump @types/node from 18.19.75 to 18.19.76 by @dependabot in peter-evans/create-pull-request#3712

build(deps): bump @octokit/core from 6.1.3 to 6.1.4 by @dependabot in peter-evans/create-pull-request#3711

Update distribution by @actions-bot in peter-evans/create-pull-request#3736

Use showFileAtRefBase64 to read per-commit file contents by @grahamc in peter-evans/create-pull-request#3744

New Contributors

@ybiquitous made their first contribution in peter-evans/create-pull-request#3626

@grahamc made their first contribution in peter-evans/create-pull-request#3744

Full Changelog: peter-evans/create-pull-request@v7.0.6...v7.0.7

Commits

dd2324f fix: use showFileAtRefBase64 to read per-commit file contents (#3744)
367180c ci: remove testv5 cmd
25575a1 build: update distribution (#3736)
a56e7a5 build(deps): bump @octokit/core from 6.1.3 to 6.1.4 (#3711)
eac17dc build(deps-dev): bump @types/node from 18.19.75 to 18.19.76 (#3712)
a2e685f build(deps): bump @octokit/plugin-paginate-rest from 11.4.1 to 11.4.2 (#3713)
6cfd146 build(deps-dev): bump eslint-import-resolver-typescript (#3710)
b38e8d3 build(deps-dev): bump prettier from 3.5.0 to 3.5.1 (#3709)
8a41570 build: update distribution (#3691)
2e9b4cc build(deps): bump @octokit/endpoint from 10.1.2 to 10.1.3 (#3700)
Additional commits viewable in compare view

Updates ncipollo/release-action from 1.15.0 to 1.16.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.16.0

What's Changed

Bump @octokit/request-error from 5.0.1 to 5.1.1 by @dependabot in ncipollo/release-action#498

Update checkout action version in example by @Cycloctane in ncipollo/release-action#496

Bump undici from 5.28.4 to 5.28.5 by @dependabot in ncipollo/release-action#499

Bump glob from 11.0.0 to 11.0.1 by @dependabot in ncipollo/release-action#495

Bump @types/node from 22.10.3 to 22.13.4 by @dependabot in ncipollo/release-action#500

Regenerate release notes on release updates by @rantoniuk in ncipollo/release-action#497

New Contributors

@rantoniuk made their first contribution in ncipollo/release-action#497

Full Changelog: ncipollo/release-action@v1...v1.16.0

Commits

440c8c1 preparing release 1.16.0
e805702 preparing release 1.17.0
bd572a1 preparing release 1.17.0
706b28e Update tag scheme in sheepit
411ac01 preparing release 1.16.0
a8c5a7f Fixes #474 Regenerate release notes on release updates (#497)
62f16c0 Add sheepit config
00e83e3 Attempt #1 at fixing workflow file
906fc77 Add initial releases workflow
17b5598 Add biome and initial format rules
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/download-artifact](/~https://github.com/actions/download-artifact) | `4.1.8` | `4.1.9` | | [actions/upload-artifact](/~https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` | | [codecov/codecov-action](/~https://github.com/codecov/codecov-action) | `5.3.1` | `5.4.0` | | [github/codeql-action](/~https://github.com/github/codeql-action) | `3.28.8` | `3.28.10` | | [peter-evans/create-pull-request](/~https://github.com/peter-evans/create-pull-request) | `7.0.6` | `7.0.7` | | [ncipollo/release-action](/~https://github.com/ncipollo/release-action) | `1.15.0` | `1.16.0` | Updates `actions/download-artifact` from 4.1.8 to 4.1.9 - [Release notes](/~https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4.1.8...v4.1.9) Updates `actions/upload-artifact` from 4.6.0 to 4.6.1 - [Release notes](/~https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.0...v4.6.1) Updates `codecov/codecov-action` from 5.3.1 to 5.4.0 - [Release notes](/~https://github.com/codecov/codecov-action/releases) - [Changelog](/~https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v5.3.1...v5.4.0) Updates `github/codeql-action` from 3.28.8 to 3.28.10 - [Release notes](/~https://github.com/github/codeql-action/releases) - [Changelog](/~https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.28.8...v3.28.10) Updates `peter-evans/create-pull-request` from 7.0.6 to 7.0.7 - [Release notes](/~https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v7.0.6...v7.0.7) Updates `ncipollo/release-action` from 1.15.0 to 1.16.0 - [Release notes](/~https://github.com/ncipollo/release-action/releases) - [Commits](ncipollo/release-action@v1.15.0...v1.16.0) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: ncipollo/release-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

codecov · 2025-03-01T08:15:42Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 100.00%. Comparing base (3a7bf33) to head (9bfd34a).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main      #520   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           15        15           
  Lines         1857      1857           
  Branches       106       106           
=========================================
  Hits          1857      1857

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 1, 2025

rmartin16 merged commit 9232b4d into main Mar 1, 2025
37 checks passed

rmartin16 deleted the dependabot/github_actions/github-actions-760f1d5329 branch March 1, 2025 08:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 6 updates #520

Bump the github-actions group with 6 updates #520

dependabot bot commented on behalf of github Mar 1, 2025

codecov bot commented Mar 1, 2025 •

edited

Loading

Bump the github-actions group with 6 updates #520

Bump the github-actions group with 6 updates #520

Conversation

dependabot bot commented on behalf of github Mar 1, 2025

v4.1.9

What's Changed

New Contributors

v4.6.1

What's Changed

v5.4.0

What's Changed

New Contributors

v5.4.0

What's Changed

v3.28.10

CodeQL Action Changelog

3.28.10 - 21 Feb 2025

v3.28.9

CodeQL Action Changelog

3.28.9 - 07 Feb 2025

3.28.10 - 21 Feb 2025

3.28.9 - 07 Feb 2025

Create Pull Request v7.0.7

What's Changed

New Contributors

v1.16.0

What's Changed

New Contributors

codecov bot commented Mar 1, 2025 • edited Loading

Codecov Report

codecov bot commented Mar 1, 2025 •

edited

Loading