{"id":5646,"name":"webfactory/ssh-agent","ecosystem":"actions","repository_url":"https://github.com/webfactory/ssh-agent","issues_count":339,"created_at":"2025-06-06T19:07:51.469Z","updated_at":"2025-06-06T19:07:51.469Z","purl":"pkg:githubactions/webfactory/ssh-agent","metadata":{"id":5802552,"name":"webfactory/ssh-agent","ecosystem":"actions","description":"Run `ssh-agent` and load an SSH key to access other private repositories","homepage":null,"licenses":"mit","normalized_licenses":["MIT"],"repository_url":"https://github.com/webfactory/ssh-agent","keywords_array":["action","github-actions","ssh","ssh-agent","workflow"],"namespace":"webfactory","versions_count":15,"first_release_published_at":"2019-09-14T22:33:18.000Z","latest_release_published_at":"2024-02-06T09:28:20.000Z","latest_release_number":"v0.9.0","last_synced_at":"2025-01-02T10:01:48.707Z","created_at":"2023-01-04T13:51:47.600Z","updated_at":"2025-01-02T10:01:48.708Z","registry_url":"https://github.com/webfactory/ssh-agent","install_command":null,"documentation_url":null,"metadata":{"name":"webfactory/ssh-agent","description":"Run `ssh-agent` and load an SSH key to access other private repositories","inputs":{"ssh-private-key":{"description":"Private SSH key to register in the SSH agent","required":true},"ssh-auth-sock":{"description":"Where to place the SSH Agent auth socket"},"log-public-key":{"description":"Whether or not to log public key fingerprints","required":false,"default":true},"ssh-agent-cmd":{"description":"ssh-agent command","required":false},"ssh-add-cmd":{"description":"ssh-add command","required":false},"git-cmd":{"description":"git command","required":false}},"runs":{"using":"node20","main":"dist/index.js","post":"dist/cleanup.js","post-if":"always()"},"branding":{"icon":"loader","color":"yellow"},"default_branch":"master","path":null},"repo_metadata":{"uuid":"208510314","full_name":"webfactory/ssh-agent","owner":"webfactory","description":"GitHub Action to setup `ssh-agent` with a private key","archived":false,"fork":false,"pushed_at":"2024-02-06T09:31:01.000Z","size":298,"stargazers_count":1030,"open_issues_count":41,"forks_count":232,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-02-07T05:36:41.190Z","etag":null,"topics":["action","github-actions","ssh","ssh-agent","workflow"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/webfactory.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2019-09-14T22:13:20.000Z","updated_at":"2024-02-06T16:09:03.000Z","dependencies_parsed_at":"2023-02-15T14:55:33.785Z","dependency_job_id":"0e280db0-9880-4835-a6af-4eefd20fa2ee","html_url":"https://github.com/webfactory/ssh-agent","commit_stats":{"total_commits":70,"total_committers":25,"mean_commits":2.8,"dds":0.3857142857142857,"last_synced_commit":"d4b9b8ff72958532804b70bbe600ad43b36d5f2e"},"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webfactory","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":184812717,"owners_count":11578407,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"webfactory","name":"webfactory GmbH","uuid":"135788","kind":"organization","description":"Software development agency based in Bonn, Germany. We focus on great customers, talented devs and agile methods. Jobs: https://www.webfactory.de/stellen/","email":"info@webfactory.de","website":"https://www.webfactory.de","location":"Bonn, Germany","twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/135788?v=4","repositories_count":63,"last_synced_at":"2023-08-02T18:27:27.645Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/webfactory","created_at":"2022-11-05T21:29:43.266Z","updated_at":"2023-08-02T18:27:27.776Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webfactory","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/webfactory/repositories"},"tags":[{"name":"v0.9.0","sha":"dc588b651fe13675774614f8e6a936a468676387","kind":"commit","published_at":"2024-02-06T09:28:20.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.9.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.9.0","dependencies_parsed_at":null,"dependency_job_id":"c4a5bb0d-5ee8-42da-b6d5-8ec937647c0a","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.9.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.9.0/manifests"},{"name":"v0.8.0","sha":"d4b9b8ff72958532804b70bbe600ad43b36d5f2e","kind":"commit","published_at":"2023-03-24T11:15:25.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.8.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.8.0","dependencies_parsed_at":"2023-07-20T20:44:13.335Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.8.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.8.0/manifests"},{"name":"v0.7.0","sha":"836c84ec59a0e7bc0eabc79988384eb567561ee2","kind":"commit","published_at":"2022-10-19T13:52:25.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.7.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.7.0","dependencies_parsed_at":"2023-07-20T20:44:13.673Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.7.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.7.0/manifests"},{"name":"v0.6.0","sha":"28cb4d85053f47c0effcf0d08da669f65683d1e5","kind":"commit","published_at":"2022-10-19T08:17:39.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.6.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.6.0","dependencies_parsed_at":"2023-07-20T20:44:14.246Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.6.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.6.0/manifests"},{"name":"v0.5.4","sha":"fc49353b67b2b7c1e0e6a600572d01a69f2672dd","kind":"commit","published_at":"2021-11-20T11:43:25.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.5.4","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.5.4","dependencies_parsed_at":"2023-07-20T20:44:21.590Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.4","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.4/manifests"},{"name":"v0.5.3","sha":"5f066a372ec13036ab7cb9a8adf18c936f8d2043","kind":"commit","published_at":"2021-06-11T13:18:45.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.5.3","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.5.3","dependencies_parsed_at":"2023-07-20T20:44:14.391Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.3/manifests"},{"name":"v0.5.2","sha":"cb8b21017acfd319f0f4eb320ae495f22c36d0a7","kind":"commit","published_at":"2021-04-07T10:30:27.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.5.2","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.5.2","dependencies_parsed_at":"2023-07-20T20:44:13.185Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.2/manifests"},{"name":"v0.5.1","sha":"4b6f4eb000f167422aa955c5a7e848a432931c6f","kind":"commit","published_at":"2021-03-10T07:19:17.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.5.1","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.5.1","dependencies_parsed_at":"2023-07-20T20:44:14.338Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.1/manifests"},{"name":"v0.5.0","sha":"6b2f2c5354ff41f1edbbf7a17ea9b6178c89be9f","kind":"commit","published_at":"2021-02-19T13:41:23.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.5.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.5.0","dependencies_parsed_at":"2023-07-20T20:44:14.471Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.5.0/manifests"},{"name":"v0.4.1","sha":"ee29fafb6aa450493bac9136b346e51ea60a8b5e","kind":"commit","published_at":"2020-10-07T21:08:38.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.4.1","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.4.1","dependencies_parsed_at":"2023-07-20T20:44:24.905Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.4.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.4.1/manifests"},{"name":"v0.4.0","sha":"ef0ce0cab8e3ad0aa0f3e1fb209b0811b68c0c51","kind":"commit","published_at":"2020-06-24T06:31:28.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.4.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.4.0","dependencies_parsed_at":"2023-07-20T20:44:14.187Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.4.0/manifests"},{"name":"v0.3.0","sha":"4fcb25e7ef89d0ad885e957928ddfe0a78aad59e","kind":"commit","published_at":"2020-05-18T07:08:29.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.3.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.3.0","dependencies_parsed_at":"2023-07-20T20:44:14.335Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.3.0/manifests"},{"name":"v0.2.0","sha":"b6c65becb03b5d9487d1ddb2ab9f28bdffa1fa77","kind":"commit","published_at":"2020-01-14T09:32:40.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.2.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.2.0","dependencies_parsed_at":"2023-07-20T20:44:13.400Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.2.0/manifests"},{"name":"v0.1.1","sha":"e181806200805a1b73d626e059836863e4b697c9","kind":"commit","published_at":"2019-09-15T07:32:43.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.1.1","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.1.1","dependencies_parsed_at":"2023-07-20T20:44:13.878Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.1.1/manifests"},{"name":"v0.1.0","sha":"c03703d9a16a561d72340c2a40ff8d4a914b3d55","kind":"commit","published_at":"2019-09-14T22:33:18.000Z","download_url":"https://codeload.github.com/webfactory/ssh-agent/tar.gz/v0.1.0","html_url":"https://github.com/webfactory/ssh-agent/releases/tag/v0.1.0","dependencies_parsed_at":"2023-07-20T20:44:14.207Z","dependency_job_id":null,"tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/webfactory%2Fssh-agent/tags/v0.1.0/manifests"}]},"repo_metadata_updated_at":"2024-02-07T05:38:47.789Z","dependent_packages_count":0,"downloads":null,"downloads_period":null,"dependent_repos_count":3277,"rankings":{"downloads":null,"dependent_repos_count":0.3581048962129615,"dependent_packages_count":0.0,"stargazers_count":0.27570907938520045,"forks_count":0.24401838060529235,"docker_downloads_count":null,"average":0.21945808905086356},"purl":"pkg:githubactions/webfactory/ssh-agent","advisories":[],"docker_usage_url":"https://docker.ecosyste.ms/usage/actions/webfactory/ssh-agent","docker_dependents_count":2,"docker_downloads_count":6924121,"usage_url":"https://repos.ecosyste.ms/usage/actions/webfactory/ssh-agent","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/actions/webfactory/ssh-agent/dependencies","status":"removed","funding_links":[],"critical":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/webfactory%2Fssh-agent/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/webfactory%2Fssh-agent/version_numbers","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/webfactory%2Fssh-agent/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages/webfactory%2Fssh-agent/related_packages","maintainers":[],"registry":{"name":"github actions","url":"https://github.com/marketplace/actions/","ecosystem":"actions","default":true,"packages_count":31631,"maintainers_count":0,"namespaces_count":19972,"keywords_count":6683,"github":"actions","metadata":{"funded_packages_count":2966},"icon_url":"https://github.com/actions.png","created_at":"2023-01-03T17:16:39.185Z","updated_at":"2025-06-07T05:39:45.903Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/packages","maintainers_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/maintainers","namespaces_url":"https://packages.ecosyste.ms/api/v1/registries/github%20actions/namespaces"}},"unique_repositories_count":280,"unique_repositories_count_past_30_days":20,"recent_issues":[{"uuid":"4510489080","node_id":"PR_kwDORFpk3c7eukN3","number":8,"state":"open","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T04:30:19.000Z","updated_at":"2026-05-24T04:31:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-m...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/metadata-grammar/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fmetadata-grammar/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4509899186","node_id":"PR_kwDORs4_pM7es2Oo","number":34,"state":"closed","title":"build(deps): Bump the actions group with 12 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T23:41:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T23:30:18.000Z","updated_at":"2026-05-23T23:41:54.000Z","time_to_close":694,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4","new_version":"6","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.31.10","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/cache","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/cache"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"efa25f7f19611383d5b0ccf2d1c8914531636bf9","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.92.5","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"},{"name":"hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml","old_version":"35fb302b0bcd797ba304bcc30def77fcb18cc3db","new_version":"caa407f30505369bb42585a397b6ec85f44d036d","repository_url":"https://github.com/hyperpolymath/panic-attacker"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 12 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.10` | `4.36.0` |\n| [actions/cache](https://github.com/actions/cache) | `4` | `5` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `efa25f7f19611383d5b0ccf2d1c8914531636bf9` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.92.5` | `3.95.3` |\n| [hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml](https://github.com/hyperpolymath/panic-attacker) | `35fb302b0bcd797ba304bcc30def77fcb18cc3db` | `caa407f30505369bb42585a397b6ec85f44d036d` |\n\nUpdates `actions/checkout` from 4 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/checkout/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v4...v4.3.1\"\u003ehttps://github.com/actions/checkout/compare/v4...v4.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.10 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.31.10...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4 to 5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4.3.0...v5.0.0\"\u003ehttps://github.com/actions/cache/compare/v4.3.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd note on runner versions by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev4.3.0\u003c/code\u003e release by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1655\"\u003eactions/cache#1655\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4...v4.3.0\"\u003ehttps://github.com/actions/cache/compare/v4...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ccode\u003e4.0.5\u003c/code\u003e and move \u003ccode\u003e@protobuf-ts/plugin\u003c/code\u003e to dev depdencies by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1634\"\u003eactions/cache#1634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release \u003ccode\u003e4.2.4\u003c/code\u003e by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1636\"\u003eactions/cache#1636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4...v4.2.4\"\u003ehttps://github.com/actions/cache/compare/v4...v4.2.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use \u003ccode\u003e@​actions/cache\u003c/code\u003e 4.0.3 package \u0026amp; prepare for new release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1577\"\u003eactions/cache#1577\u003c/a\u003e (SAS tokens for cache entries are now masked in debug logs)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1577\"\u003eactions/cache#1577\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4.2.2...v4.2.3\"\u003ehttps://github.com/actions/cache/compare/v4.2.2...v4.2.3\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v4...v5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webfactory/ssh-agent` from 0.9.1 to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/a6f90b1f127823b31d4d4a8d96047790581349bd...e83874834305fe9a4a2997156cb26c5de65a8555\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dtolnay/rust-toolchain` from efa25f7f19611383d5b0ccf2d1c8914531636bf9 to 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dtolnay/rust-toolchain/commit/3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9\"\u003e\u003ccode\u003e3c5f7ea\u003c/code\u003e\u003c/a\u003e Add 1.94.1 patch release\u003c/li\u003e\n\u003cli\u003eS...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/verisimdb/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fverisimdb/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"},{"uuid":"4507569457","node_id":"PR_kwDORoHcRs7elzB0","number":285,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 13 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T08:58:22.000Z","updated_at":"2026-05-23T08:58:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"docker/setup-buildx-action","old_version":"3.12.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"3.7.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/build-push-action","old_version":"6.19.2","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/attest-build-provenance","old_version":"2.4.0","new_version":"4.1.0","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"sigstore/cosign-installer","old_version":"3.7.0","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"actions/setup-go","old_version":"5.6.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"actions/setup-python","old_version":"5.6.0","new_version":"6.2.0","repository_url":"https://github.com/actions/setup-python"},{"name":"github/codeql-action","old_version":"3.35.2","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.1.0` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.2.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.2.0` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.0` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `4.1.2` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` |\n| [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.35.2` | `4.36.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.12.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.7.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 6.19.2 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGit context \u003ca href=\"https://docs.docker.com/build/concepts/context/#url-queries\"\u003equery format\u003c/a\u003e support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.87.0 by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1500\"\u003edocker/build-push-action#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.5.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1489\"\u003edocker/build-push-action#1489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1491\"\u003edocker/build-push-action#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1490\"\u003edocker/build-push-action#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1497\"\u003edocker/build-push-action#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1510\"\u003edocker/build-push-action#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1496\"\u003edocker/build-push-action#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1486\"\u003edocker/build-push-action#1486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1509\"\u003edocker/build-push-action#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1470\"\u003edocker/build-push-action#1470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated \u003ccode\u003eDOCKER_BUILD_NO_SUMMARY\u003c/code\u003e and \u003ccode\u003eDOCKER_BUILD_EXPORT_RETENTION_DAYS\u003c/code\u003e envs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1473\"\u003edocker/build-push-action#1473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove legacy export-build tool support for build summary by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1474\"\u003edocker/build-push-action#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1466\"\u003edocker/build-push-action#1466\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1454\"\u003edocker/build-push-action#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1453\"\u003edocker/build-push-action#1453\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1472\"\u003edocker/build-push-action#1472\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1479\"\u003edocker/build-push-action#1479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1463\"\u003edocker/build-push-action#1463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\"\u003ehttps://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 2.4.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate RELEASE.md docs by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/836\"\u003eactions/attest-build-provenance#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/attest\u003c/code\u003e from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/838\"\u003eactions/attest-build-provenance#838\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.0.0 to 3.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/362\"\u003eactions/attest#362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.1.0 to 3.2.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/365\"\u003eactions/attest#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new \u003ccode\u003esubject-version\u003c/code\u003e input for inclusion in storage record by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/364\"\u003eactions/attest#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd storage record content to README by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/366\"\u003eactions/attest#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v3 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/697\"\u003eactions/attest-build-provenance#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/749\"\u003eactions/attest-build-provenance#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 7.5.1 to 7.5.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/753\"\u003eactions/attest-build-provenance#753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/754\"\u003eactions/attest-build-provenance#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.1 to 25.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/774\"\u003eactions/attest-build-provenance#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 1.6.0 to 2.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/736\"\u003eactions/attest-build-provenance#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 2.0.0 to 2.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/775\"\u003eactions/attest-build-provenance#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for creating artifact metadata storage records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/7c757df4145fcd233331998e58b20b422c833a00\"\u003e\u003ccode\u003e7c757df\u003c/code\u003e\u003c/a\u003e Bump the npm-development group with 2 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/825\"\u003e#825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c44148e5bf178192efd8947e07a0d439a356c60b\"\u003e\u003ccode\u003ec44148e\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/818\"\u003e#818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/32343527f2ec94583cf7b31280de0f60dc9f0bf9\"\u003e\u003ccode\u003e3234352\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.10 to 25.2.0 in the npm-development group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/819\"\u003e#819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/18db12979d4cecda10c1cf295bcb159f3e59866d\"\u003e\u003ccode\u003e18db129\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.6 to 7.5.7 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/816\"\u003e#816\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/90fadfae6ba2e2ef59f8d38e61ec3cf16443a18e\"\u003e\u003ccode\u003e90fadfa\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 2.0.1 to 2.0.2 in the npm-production group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/799\"\u003e#799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/57db8ba356515a4c8608990f2aa27a6972235ccc\"\u003e\u003ccode\u003e57db8ba\u003c/code\u003e\u003c/a\u003e Bump the npm-development group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/808\"\u003e#808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 3.7.0 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update default cosign-release to v3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/223\"\u003esigstore/cosign-installer#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWe recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing \u003ccode\u003ewith: cosign-release\u003c/code\u003e and strongly discourage using \u003ccode\u003ecosign-release\u003c/code\u003e unless you have a specific reason to use an older version of Cosign.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/220\"\u003esigstore/cosign-installer#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add retry to curl downloads for transient network failures in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/210\"\u003esigstore/cosign-installer#210\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e You must upgrade to cosign-installer v4 if you want to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3+\u003c/a\u003e. You may still install Cosign v2.x with cosign-installer v4.\u003c/p\u003e\n\u003cp\u003eIn version v3+, using \u003ccode\u003ecosign sign-blob\u003c/code\u003e requires adding the \u003ccode\u003e--bundle\u003c/code\u003e flag which may require you to update your signing command.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Cosign v3 releases (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e cosign-installer v3.x cannot be used to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3.x\u003c/a\u003e. You must upgrade to cosign-installer v4 in order to use Cosign v3.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.1 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/200\"\u003esigstore/cosign-installer#200\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.9.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003enot fail fast and setup permissions in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/195\"\u003esigstore/cosign-installer#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edrop old unsupported versions \u0026lt;v2.0.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/192\"\u003esigstore/cosign-installer#192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default to v2.5.3 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/196\"\u003esigstore/cosign-installer#196\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003\"\u003e\u003ccode\u003ecad07c2\u003c/code\u003e\u003c/a\u003e chore: update default cosign-release to v3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/223\"\u003e#223\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22\"\u003e\u003ccode\u003eba7bc0a\u003c/code\u003e\u003c/a\u003e fix: add retry to curl downloads for transient network failures (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/5a292e1504fdf08d68831aa1d265e92aee5701f9\"\u003e\u003ccode\u003e5a292e1\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/220\"\u003e#220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/351ea76151ae2dbbf52374c9dd639f4981de944f\"\u003e\u003ccode\u003e351ea76\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/217\"\u003e#217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/c17565ff322a3403de48978f18d9ee0cfa7c2cd5\"\u003e\u003ccode\u003ec17565f\u003c/code\u003e\u003c/a\u003e test with go 1.26 too (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/a6fdd19182ff7fb86ae39a9329ba29eb602cbabb\"\u003e\u003ccode\u003ea6fdd19\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.1.0 to 6.3.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/430b6a704fe0c92f1b1261d84376a900f38d90ff\"\u003e\u003ccode\u003e430b6a7\u003c/code\u003e\u003c/a\u003e docs: fix registry from gcr.io to ghcr.io (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v7 now runs on Node.js 24 (\u003cc...\n\n_Description has been truncated_","html_url":"https://github.com/leduytuanvu/avf-vending-api/pull/285","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leduytuanvu%2Favf-vending-api/issues/285","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/285/packages"},{"uuid":"4505392551","node_id":"PR_kwDORIqe7M7efBIQ","number":8,"state":"closed","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T20:21:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T20:20:23.000Z","updated_at":"2026-05-23T02:20:26.000Z","time_to_close":85,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-m...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/universal-extension-format/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Funiversal-extension-format/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"},{"uuid":"4505226487","node_id":"PR_kwDORLRLq87eeexz","number":26,"state":"closed","title":"build(deps): bump the actions group with 12 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T20:00:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T19:46:25.000Z","updated_at":"2026-05-23T00:51:45.000Z","time_to_close":842,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 12 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifac...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/social-media-tools/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fsocial-media-tools/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"},{"uuid":"4505224990","node_id":"PR_kwDORsoNyM7eeed3","number":11,"state":"closed","title":"chore(deps): bump the actions group with 12 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T20:00:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T19:46:06.000Z","updated_at":"2026-05-23T00:57:32.000Z","time_to_close":893,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"ruby/setup-ruby","old_version":"1.283.0","new_version":"1.310.0","repository_url":"https://github.com/ruby/setup-ruby"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 12 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.283.0` | `1.310.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.3.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-metadata#692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\"\u003ehttps://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003eThe breaking change is requiring Node.js version v24 as the Actions runtime.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Parse versions from metadata links by \u003ca href=\"https://github.com/ppkarwasz\"\u003e\u003ccode\u003e@​ppkarwasz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/632\"\u003edependabot/fetch-metadata#632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions core and actions github packages by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/649\"\u003edependabot/fetch-metadata#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add notes for using \u003ccode\u003ealert-lookup\u003c/code\u003e with App Token by \u003ca href=\"https://github.com/sue445\"\u003e\u003ccode\u003e@​sue445\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/656\"\u003edependabot/fetch-metadata#656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: update Node.js version to v24 by \u003ca href=\"https://github.com/sturman\"\u003e\u003ccode\u003e@​sturman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/671\"\u003edependabot/fetch-metadata#671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch build tooling from ncc to esbuild by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/676\"\u003edependabot/fetch-metadata#676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd --legal-comments=none to esbuild build commands by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/679\"\u003edependabot/fetch-metadata#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tsconfig target from es2022 to es2024 by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/680\"\u003edependabot/fetch-metadata#680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove vestigial outDir from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/681\"\u003edependabot/fetch-metadata#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch tsconfig module resolution to bundler by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/682\"\u003edependabot/fetch-metadata#682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove skipLibCheck from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/683\"\u003edependabot/fetch-metadata#683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typecheck step to CI by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/685\"\u003edependabot/fetch-metadata#685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable noImplicitAny in tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/684\"\u003edependabot/fetch-metadata#684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/core\u003c/code\u003e to ^3.0.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/677\"\u003edependabot/fetch-metadata#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/github\u003c/code\u003e to ^9.0.0 and \u003ccode\u003e@​octokit/request-error\u003c/code\u003e to ^7.1.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/678\"\u003edependabot/fetch-metadata#678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.0 to 6.14.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/651\"\u003edependabot/fetch-metadata#651\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.1 to 4.11.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/652\"\u003edependabot/fetch-metadata#652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.4 to 4.11.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/653\"\u003edependabot/fetch-metadata#653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.7 to 4.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/657\"\u003edependabot/fetch-metadata#657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.1 to 6.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/655\"\u003edependabot/fetch-metadata#655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e from 1.25.1 to 1.26.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/654\"\u003edependabot/fetch-metadata#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.9 to 1.19.10 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/665\"\u003edependabot/fetch-metadata#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.12.2 to 4.12.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/664\"\u003edependabot/fetch-metadata#664\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/25dd0e34f4fe68f24cc83900b1fe3fe149efef98\"\u003e\u003ccode\u003e25dd0e3\u003c/code\u003e\u003c/a\u003e v3.1.0 (\u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/e073f50d732cb48d48fb80afedb4fa61361626e9\"\u003e\u003ccode\u003ee073f50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/705\"\u003e#705\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/hono-4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/0670e167df1fbee1b0d07121de6a182ddebdd674\"\u003e\u003ccode\u003e0670e16\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump hono from 4.12.12 to 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/7a7fe10a42310e65df80af6c771e9aa5d59842d1\"\u003e\u003ccode\u003e7a7fe10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/702\"\u003e#702\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/dependencies-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/5168191cea3d4daa635bff6c796b4f0faeba522d\"\u003e\u003ccode\u003e5168191\u003c/code\u003e\u003c/a\u003e Updating dist build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/23882e175b2f16bc495c89aa50940399c6a17504\"\u003e\u003ccode\u003e23882e1\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e in the dependencies group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/1072469591c13fda1d8dba1d1ac2e80187e247d7\"\u003e\u003ccode\u003e1072469\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/701\"\u003e#701\u003c/a\u003e from dependabot/dependabot/github_actions/actions/cre...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/43f8a0055c8e32587be67e097dff89a6823c9752\"\u003e\u003ccode\u003e43f8a00\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/b4d904a50935c8ebe744da148ea8a18a43fe72e1\"\u003e\u003ccode\u003eb4d904a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/703\"\u003e#703\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/globals-17.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/c8046bb877d9989cc848797de1b944bc3e93ef82\"\u003e\u003ccode\u003ec8046bb\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump globals from 17.4.0 to 17.5.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dependabot/fetch-metadata/compare/dbb049abf0d677abbd7f7eee0375145b417fdd34...25dd0e34f4fe68f24cc83900b1fe3fe149efef98\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca hr...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/tangle/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Ftangle/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"},{"uuid":"4498975781","node_id":"PR_kwDOQvICas7eKOkH","number":16,"state":"open","title":"chore(deps): bump the actions group with 14 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T01:12:01.000Z","updated_at":"2026-05-22T01:14:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":14,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"peter-evans/repository-dispatch","old_version":"3.0.0","new_version":"4.0.1","repository_url":"https://github.com/peter-evans/repository-dispatch"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"56f84321dbccf38fb67ce29ab63e4754056677e0","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 14 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `56f84321dbccf38fb67ce29ab63e4754056677e0` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/snapcreate/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fsnapcreate/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"},{"uuid":"4498801009","node_id":"PR_kwDORO5LCs7eJr-S","number":14,"state":"open","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T00:26:32.000Z","updated_at":"2026-05-22T01:11:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/squisher-corpus/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fsquisher-corpus/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"},{"uuid":"4469171413","node_id":"PR_kwDOQ0Eyfs7cpsv6","number":9,"state":"open","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T12:40:23.000Z","updated_at":"2026-05-19T05:02:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.0.2","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"erlef/setup-beam","old_version":"1.18.2","new_version":"1.24.0","repository_url":"https://github.com/erlef/setup-beam"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.0.2` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [erlef/setup-beam](https://github.com/erlef/setup-beam) | `1.18.2` | `1.24.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.0.2 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v4.0.2...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erlef/setup-beam` from 1.18.2 to 1.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/erlef/setup-beam/releases\"\u003eerlef/setup-beam's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Potentially breaking changes\u003c/h2\u003e\n\u003cp\u003eSince GitHub is phasing out Node 20 runners, the \u003ccode\u003eerlef/setup-beam\u003c/code\u003e action has updated its requirements ([see PR \u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/426\"\u003e#426\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/426\"\u003eerlef/setup-beam#426\u003c/a\u003e)). Please \u003cstrong\u003eensure your workflow files are updated\u003c/strong\u003e to align with the \u003ca href=\"https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/\"\u003elatest GitHub Actions standards\u003c/a\u003e to avoid execution failures.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Node 24 runtime by \u003ca href=\"https://github.com/levibuzolic\"\u003e\u003ccode\u003e@​levibuzolic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/426\"\u003eerlef/setup-beam#426\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error that occurs when parsing TOML files that use dotted keys by \u003ca href=\"https://github.com/mitchellhenke\"\u003e\u003ccode\u003e@​mitchellhenke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/444\"\u003eerlef/setup-beam#444\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomation\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 3rd party licenses (automation) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/435\"\u003eerlef/setup-beam#435\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/436\"\u003eerlef/setup-beam#436\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/442\"\u003eerlef/setup-beam#442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump eslint from 10.0.3 to 10.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/439\"\u003eerlef/setup-beam#439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump yauzl from 3.2.0 to 3.2.1 in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/437\"\u003eerlef/setup-beam#437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump csv-parse from 6.1.0 to 6.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/440\"\u003eerlef/setup-beam#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/443\"\u003eerlef/setup-beam#443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: address \u003ccode\u003ePrototype Pollution via parse() in NodeJS flatted\u003c/code\u003e by \u003ca href=\"https://github.com/paulo-ferraz-oliveira\"\u003e\u003ccode\u003e@​paulo-ferraz-oliveira\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/445\"\u003eerlef/setup-beam#445\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/levibuzolic\"\u003e\u003ccode\u003e@​levibuzolic\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/426\"\u003eerlef/setup-beam#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitchellhenke\"\u003e\u003ccode\u003e@​mitchellhenke\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/444\"\u003eerlef/setup-beam#444\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/erlef/setup-beam/compare/v1...v1.24.0\"\u003ehttps://github.com/erlef/setup-beam/compare/v1...v1.24.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add macOS-26 to supported ImageOS mappings by \u003ca href=\"https://github.com/petermm\"\u003e\u003ccode\u003e@​petermm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/430\"\u003eerlef/setup-beam#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add Erlang problem matchers by \u003ca href=\"https://github.com/Taure\"\u003e\u003ccode\u003e@​Taure\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/433\"\u003eerlef/setup-beam#433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: use dynamic import in tests to prevent ESM hoisting race by \u003ca href=\"https://github.com/petermm\"\u003e\u003ccode\u003e@​petermm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/429\"\u003eerlef/setup-beam#429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: download correct Gleam binary for macOS and Linux ARM64 by \u003ca href=\"https://github.com/petermm\"\u003e\u003ccode\u003e@​petermm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/428\"\u003eerlef/setup-beam#428\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRun ARM-specific tests consistently by \u003ca href=\"https://github.com/paulo-ferraz-oliveira\"\u003e\u003ccode\u003e@​paulo-ferraz-oliveira\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/434\"\u003eerlef/setup-beam#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCompatibility matrix strategy by \u003ca href=\"https://github.com/sebastiw\"\u003e\u003ccode\u003e@​sebastiw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/389\"\u003eerlef/setup-beam#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 3rd party licenses (automation) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/425\"\u003eerlef/setup-beam#425\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.0 in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/432\"\u003eerlef/setup-beam#432\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/fc68ffb90438ef2936bbb3251622353b3dcb2f93\"\u003e\u003ccode\u003efc68ffb\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to 190c3a5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/190c3a5e7b2d0a7e53ac2ae08f02a617c755b13d\"\u003e\u003ccode\u003e190c3a5\u003c/code\u003e\u003c/a\u003e Fix error that occurs when parsing TOML files that use dotted keys (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/444\"\u003e#444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/92dab893ed9373c7c8b219be47f9e6ad3684507b\"\u003e\u003ccode\u003e92dab89\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to 5dfda65\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/5dfda6550693b3e524212c8e8956489385351723\"\u003e\u003ccode\u003e5dfda65\u003c/code\u003e\u003c/a\u003e fix: address \u003ccode\u003ePrototype Pollution via parse() in NodeJS flatted\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/445\"\u003e#445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/ef385d6edc40d082c376680340dc4581014fb5c3\"\u003e\u003ccode\u003eef385d6\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to bf3c3af\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/bf3c3af135ef07a5f34ef23377a9cbf2b2e1fab0\"\u003e\u003ccode\u003ebf3c3af\u003c/code\u003e\u003c/a\u003e Bump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/e7645e410255776e1f30cddea2b7842df4b842fb\"\u003e\u003ccode\u003ee7645e4\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to a36098e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/a36098e7415c702808cc414302b5a3fa2c83df52\"\u003e\u003ccode\u003ea36098e\u003c/code\u003e\u003c/a\u003e Bump csv-parse from 6.1.0 to 6.2.1 (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/440\"\u003e#440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/87781dc68a92d3ae823e02b5a7c030621fcc71a2\"\u003e\u003ccode\u003e87781dc\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to d5f3979\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/d5f3979a5f2803385ad71e7a9e178d31f89b8d2b\"\u003e\u003ccode\u003ed5f3979\u003c/code\u003e\u003c/a\u003e Support Node 24 runtime (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/426\"\u003e#426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/erlef/setup-beam/compare/v1.18.2...fc68ffb90438ef2936bbb3251622353b3dcb2f93\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/seamstress/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fseamstress/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"},{"uuid":"4465079342","node_id":"PR_kwDOSehZ0s7ccqn8","number":1,"state":"open","title":"chore(ci): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T22:06:12.000Z","updated_at":"2026-05-17T22:06:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Ski-Manager/Manager/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ski-Manager%2FManager/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4463236654","node_id":"PR_kwDOPdJ_FM7cXNIc","number":15,"state":"closed","title":"chore(deps): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T11:11:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T10:58:15.000Z","updated_at":"2026-05-17T11:11:35.000Z","time_to_close":798,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0 [2024-02-06]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all versions of \u003ccode\u003eactions/checkout\u003c/code\u003e to v4 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to Node 20 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0 [2023-03-24]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNo longer writing GitHub's SSH host keys to \u003ccode\u003eknown_hosts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to actions/checkout@v3 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow the user to override the commands for git, ssh-agent, and ssh-add (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.7.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003elog-public-key\u003c/code\u003e input that can be used to turn off logging key identities (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path to \u003ccode\u003egit\u003c/code\u003e binary on Windows, assuming GitHub-hosted runners (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/136\"\u003e#136\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a nonsensical log message (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the version of Node used by the action from 12 to 16 (\u003ca href=\"https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\"\u003ehttps://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.4 [2021-11-21]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...e83874834305fe9a4a2997156cb26c5de65a8555\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Hsin-Kuo/transcriber/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hsin-Kuo%2Ftranscriber/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"},{"uuid":"4445266915","node_id":"PR_kwDOSdSfkc7be8sO","number":12,"state":"closed","title":"ci: bump the github-actions-minor-patch group with 3 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-14T23:38:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T10:44:50.000Z","updated_at":"2026-05-14T23:38:51.000Z","time_to_close":46439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci: bump","group_name":"github-actions-minor-patch","update_count":3,"packages":[{"name":"GitGuardian/ggshield","old_version":"1.45.0","new_version":"1.50.4","repository_url":"https://github.com/gitguardian/ggshield"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"commitizen-tools/commitizen-action","old_version":"0.24.0","new_version":"0.27.1","repository_url":"https://github.com/commitizen-tools/commitizen-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions-minor-patch group with 3 updates: [GitGuardian/ggshield](https://github.com/gitguardian/ggshield), [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) and [commitizen-tools/commitizen-action](https://github.com/commitizen-tools/commitizen-action).\n\nUpdates `GitGuardian/ggshield` from 1.45.0 to 1.50.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gitguardian/ggshield/releases\"\u003eGitGuardian/ggshield's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.50.4\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eggshield plugin install --allow-unsigned\u003c/code\u003e and \u003ccode\u003eggshield plugin update --allow-unsigned\u003c/code\u003e now verify plugin signatures using the embedded / cached sigstore trust root instead of refreshing it over the network, so plugins can still be installed when the sigstore TUF endpoints are unreachable.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.3\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip OS keyring access at startup when \u003ccode\u003eGITGUARDIAN_API_KEY\u003c/code\u003e is set in the environment (or in a \u003ccode\u003e.env\u003c/code\u003e file). This avoids redundant keychain unlock prompts on systems using multiple ggshield instances.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.2\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003euv tool install ggshield\u003c/code\u003e resolution by requiring sigstore 4, avoiding sigstore 3's transitive pre-release dependency on \u003ccode\u003ebetterproto\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed plugin signature verification in PyInstaller-based packages by bundling sigstore's embedded TUF trust roots.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eggshield is now available as a MSI package.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd sigstore signature verification for plugin wheels, enforcing identity-based trust via OIDC. Install and update operations are strict by default, while \u003ccode\u003e--allow-unsigned\u003c/code\u003e persists an explicit trust exception for the exact wheel hash so explicitly accepted unsigned plugins can still load at runtime.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAPI tokens are now stored in the OS credential store (macOS Keychain, Windows Credential Locker, Linux Secret Service) via the \u003ccode\u003ekeyring\u003c/code\u003e library instead of cleartext in \u003ccode\u003eauth_config.yaml\u003c/code\u003e. Existing cleartext tokens are migrated automatically the next time the configuration is saved. If no OS credential store is available or \u003ccode\u003eGGSHIELD_NO_KEYRING=1\u003c/code\u003e, file-based storage is used as a fall-back.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a new \u003ccode\u003esecret.fail_on_server_error\u003c/code\u003e configuration option (default \u003ccode\u003eTrue\u003c/code\u003e), available as the \u003ccode\u003e--fail-on-server-error/--no-fail-on-server-error\u003c/code\u003e flag or \u003ccode\u003eGITGUARDIAN_FAIL_ON_SERVER_ERROR\u003c/code\u003e environment variable. When set to \u003ccode\u003eFalse\u003c/code\u003e, \u003ccode\u003esecret scan pre-commit\u003c/code\u003e, \u003ccode\u003esecret scan pre-push\u003c/code\u003e, \u003ccode\u003esecret scan pre-receive\u003c/code\u003e, and \u003ccode\u003esecret scan ci\u003c/code\u003e exit with code \u003ccode\u003e0\u003c/code\u003e and display a warning instead of blocking the git operation when the GitGuardian server is unreachable or returns a 5xx response. The default preserves the previous blocking behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew \u003ccode\u003eggshield ai discover\u003c/code\u003e command.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe AI hooks now also log/block MCP activity\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking\u003c/strong\u003e: \u003ccode\u003esecret scan pre-receive\u003c/code\u003e no longer fail-opens by default when the GitGuardian server returns a 5xx response. Previously the push was allowed through with a warning; now it is blocked, matching the other git hooks. Set \u003ccode\u003esecret.fail_on_server_error\u003c/code\u003e to \u003ccode\u003eFalse\u003c/code\u003e (or pass \u003ccode\u003e--no-fail-on-server-error\u003c/code\u003e) to restore the previous fail-open behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eForward \u003ccode\u003esignature_mode\u003c/code\u003e through GitHub release and GitHub artifact download paths, ensuring signature verification is applied consistently across all install sources.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eScans of large repositories no longer fail on a single transient network glitch. ggshield now retries connection errors (e.g. \u003ccode\u003eConnectionResetError\u003c/code\u003e) and 502/503/504 responses with bounded exponential backoff.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGlobal Copilot hooks are configured correctly in \u003ccode\u003e~/.copilot\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePin the default package index in \u003ccode\u003epyproject.toml\u003c/code\u003e to public PyPI and add a rolling \u003ccode\u003eexclude-newer = \u0026quot;3 days\u0026quot;\u003c/code\u003e constraint, so the resolved \u003ccode\u003euv.lock\u003c/code\u003e is reproducible for external contributors/CI and newly-published (potentially malicious) releases get a short quarantine window before they can land in the lock.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GitGuardian/ggshield/blob/main/CHANGELOG.md\"\u003eGitGuardian/ggshield's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.4 — 2026-05-07\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eggshield plugin install --allow-unsigned\u003c/code\u003e and \u003ccode\u003eggshield plugin update --allow-unsigned\u003c/code\u003e now verify plugin signatures using the embedded / cached sigstore trust root instead of refreshing it over the network, so plugins can still be installed when the sigstore TUF endpoints are unreachable.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.3 — 2026-04-30\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip OS keyring access at startup when \u003ccode\u003eGITGUARDIAN_API_KEY\u003c/code\u003e is set in the environment (or in a \u003ccode\u003e.env\u003c/code\u003e file). This avoids redundant keychain unlock prompts on systems using multiple ggshield instances.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.2 — 2026-04-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003euv tool install ggshield\u003c/code\u003e resolution by requiring sigstore 4, avoiding sigstore 3's transitive pre-release dependency on \u003ccode\u003ebetterproto\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.1 — 2026-04-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed plugin signature verification in PyInstaller-based packages by bundling sigstore's embedded TUF trust roots.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.0 — 2026-04-28\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eggshield is now available as a MSI package.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd sigstore signature verification for plugin wheels, enforcing identity-based trust via OIDC. Install and update operations are strict by default, while \u003ccode\u003e--allow-unsigned\u003c/code\u003e persists an explicit trust exception for the exact wheel hash so explicitly accepted unsigned plugins can still load at runtime.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAPI tokens are now stored in the OS credential store (macOS Keychain, Windows Credential Locker, Linux Secret Service) via the \u003ccode\u003ekeyring\u003c/code\u003e library instead of cleartext in \u003ccode\u003eauth_config.yaml\u003c/code\u003e. Existing cleartext tokens are migrated automatically the next time the configuration is saved. If no OS credential store is available or \u003ccode\u003eGGSHIELD_NO_KEYRING=1\u003c/code\u003e, file-based storage is used as a fall-back.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a new \u003ccode\u003esecret.fail_on_server_error\u003c/code\u003e configuration option (default \u003ccode\u003eTrue\u003c/code\u003e), available as the \u003ccode\u003e--fail-on-server-error/--no-fail-on-server-error\u003c/code\u003e flag or \u003ccode\u003eGITGUARDIAN_FAIL_ON_SERVER_ERROR\u003c/code\u003e environment variable. When set to \u003ccode\u003eFalse\u003c/code\u003e, \u003ccode\u003esecret scan pre-commit\u003c/code\u003e, \u003ccode\u003esecret scan pre-push\u003c/code\u003e, \u003ccode\u003esecret scan pre-receive\u003c/code\u003e, and \u003ccode\u003esecret scan ci\u003c/code\u003e exit with code \u003ccode\u003e0\u003c/code\u003e and display a warning instead of blocking the git operation when the GitGuardian server is unreachable or returns a 5xx response. The default preserves the previous blocking behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew \u003ccode\u003eggshield ai discover\u003c/code\u003e command.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/4d84f4b8446d7d3543ee184af0a47f80a76ca476\"\u003e\u003ccode\u003e4d84f4b\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/bf7888634db6679002e6df42ba970836c97775d3\"\u003e\u003ccode\u003ebf78886\u003c/code\u003e\u003c/a\u003e fix(plugins): skip TUF update on --allow-unsigned\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/887cfae8f31533a243e53f14cbec78781b67c4a6\"\u003e\u003ccode\u003e887cfae\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/6d3c7bc5b56f53feca90db3f063f30db8696142e\"\u003e\u003ccode\u003e6d3c7bc\u003c/code\u003e\u003c/a\u003e fix(auth): do not query keyring if API key env var is set\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/87a2dd9d93c80b156386fb6ee06f9d94628b772c\"\u003e\u003ccode\u003e87a2dd9\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/c389616a2f41efca4d73caf106ac67db4502a890\"\u003e\u003ccode\u003ec389616\u003c/code\u003e\u003c/a\u003e fix(deps): make uv install resolve without prereleases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/093a0ffd9d503544ad0660c04e385d4c0e226280\"\u003e\u003ccode\u003e093a0ff\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/e293768591ad627bd563e521b24d5ee24d9d5273\"\u003e\u003ccode\u003ee293768\u003c/code\u003e\u003c/a\u003e ci(release): upload MSI to github releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/4d9179c05fd3f02fda5d3c370c4bbcea1b91b225\"\u003e\u003ccode\u003e4d9179c\u003c/code\u003e\u003c/a\u003e fix: bundle sigstore roots in PyInstaller packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/48630d5d474114c420ce295214a52bd8aefd79c2\"\u003e\u003ccode\u003e48630d5\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gitguardian/ggshield/compare/edac2af7a4c4670e24600482e6ae0b3e2bb52160...4d84f4b8446d7d3543ee184af0a47f80a76ca476\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webfactory/ssh-agent` from 0.9.0 to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0 [2024-02-06]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all versions of \u003ccode\u003eactions/checkout\u003c/code\u003e to v4 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to Node 20 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0 [2023-03-24]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNo longer writing GitHub's SSH host keys to \u003ccode\u003eknown_hosts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to actions/checkout@v3 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow the user to override the commands for git, ssh-agent, and ssh-add (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.7.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003elog-public-key\u003c/code\u003e input that can be used to turn off logging key identities (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path to \u003ccode\u003egit\u003c/code\u003e binary on Windows, assuming GitHub-hosted runners (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/136\"\u003e#136\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a nonsensical log message (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the version of Node used by the action from 12 to 16 (\u003ca href=\"https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\"\u003ehttps://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.4 [2021-11-21]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...e83874834305fe9a4a2997156cb26c5de65a8555\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commitizen-tools/commitizen-action` from 0.24.0 to 0.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/commitizen-tools/commitizen-action/releases\"\u003ecommitizen-tools/commitizen-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.27.1 (2026-02-17)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrectly set next_version_major and next_version_minor outputs\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master 338bbd8] bump: version 0.27.0 → 0.27.1\n2 files changed, 7 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003ch2\u003e0.27.0 (2026-01-17)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e--build-metadata\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master 2e8226b] bump: version 0.26.0 → 0.27.0\n2 files changed, 7 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003ch2\u003e0.26.0 (2025-11-19)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd gpg-agent\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master bb4f1df] bump: version 0.25.0 → 0.26.0\n2 files changed, 7 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003ch2\u003e0.25.0 (2025-11-16)\u003c/h2\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis update requires commitizen \u0026gt; 4.10 in order to use --minor and --major\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd more output information\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master 9615e7b] bump: version 0.24.0 → 0.25.0\n2 files changed, 11 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/commitizen-tools/commitizen-action/blob/master/CHANGELOG.md\"\u003ecommitizen-tools/commitizen-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.27.1 (2026-02-17)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrectly set next_version_major and next_version_minor outputs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.27.0 (2026-01-17)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e--build-metadata\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.0 (2025-11-19)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd gpg-agent\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0 (2025-11-16)\u003c/h2\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis update requires commitizen \u0026gt; 4.10 in order to use --minor and --major\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd more output information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.0 (2025-02-25)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for manual version bumping\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.23.1 (2024-12-21)\u003c/h2\u003e\n\u003ch2\u003e0.23.0 (2024-12-09)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen-action/issues/55\"\u003e#55\u003c/a\u003e\u003c/strong\u003e: add ACTOR input parameter\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.22.0 (2024-11-06)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd working-directory input\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.21.0 (2024-03-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/338bbd841b75aaee6bf5340e1fa12f6ab58ff9ff\"\u003e\u003ccode\u003e338bbd8\u003c/code\u003e\u003c/a\u003e bump: version 0.27.0 → 0.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/8ce5a4ded4f30babfd29493576840e7a67db7c32\"\u003e\u003ccode\u003e8ce5a4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen-action/issues/110\"\u003e#110\u003c/a\u003e from BjoernPetersen/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/b71e34a536e91f0b07539be54ff89ebcaea85ef6\"\u003e\u003ccode\u003eb71e34a\u003c/code\u003e\u003c/a\u003e fix: correctly set next_version_major and next_version_minor outputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/2e8226b3e7e141ae28de9942957f267eb5d68fb6\"\u003e\u003ccode\u003e2e8226b\u003c/code\u003e\u003c/a\u003e bump: version 0.26.0 → 0.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/f2d9dafa1a01a7429a5d7827404cf8e9094517d4\"\u003e\u003ccode\u003ef2d9daf\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003e--build-metadata\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/bb4f1df6601e2a1a891506581b0c53acdc88e07d\"\u003e\u003ccode\u003ebb4f1df\u003c/code\u003e\u003c/a\u003e bump: version 0.25.0 → 0.26.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/3a021a42374acb88b332c30a59c971d08bd4ed0f\"\u003e\u003ccode\u003e3a021a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen-action/issues/104\"\u003e#104\u003c/a\u003e from commitizen-tools/fix/add-gpg-agent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/a5c032df72e42a388bc223ce22311f259fc73b5c\"\u003e\u003ccode\u003ea5c032d\u003c/code\u003e\u003c/a\u003e feat: add gpg-agent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/9615e7be1cf341393c52e865ebbdaa0712176d81\"\u003e\u003ccode\u003e9615e7b\u003c/code\u003e\u003c/a\u003e bump: version 0.24.0 → 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/cd7feb8558ec5ba1a01497e43022c36180ec2bad\"\u003e\u003ccode\u003ecd7feb8\u003c/code\u003e\u003c/a\u003e feat: add more output information\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/commitizen-tools/commitizen-action/compare/5b0848cd060263e24602d1eba03710e056ef7711...338bbd841b75aaee6bf5340e1fa12f6ab58ff9ff\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/mighty-muffin/insecure-bank/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mighty-muffin%2Finsecure-bank/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"},{"uuid":"4425505967","node_id":"PR_kwDOKO4rpM7afJn8","number":193,"state":"closed","title":"⬆️ gha: Bump the github-actions group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T03:51:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T01:34:40.000Z","updated_at":"2026-05-19T03:51:36.000Z","time_to_close":613014,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆️ gha: Bump","group_name":"github-actions","update_count":13,"packages":[{"name":"step-security/harden-runner","old_version":"2.15.0","new_version":"2.19.1","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/setup-go","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"github/codeql-action","old_version":"4.32.5","new_version":"4.35.4","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/dependency-review-action","old_version":"4.8.3","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"reviewdog/action-golangci-lint","old_version":"2.8.0","new_version":"2.10.0","repository_url":"https://github.com/reviewdog/action-golangci-lint"},{"name":"reviewdog/action-alex","old_version":"1.16.0","new_version":"1.16.1","repository_url":"https://github.com/reviewdog/action-alex"},{"name":"reviewdog/action-actionlint","old_version":"1.71.0","new_version":"1.72.0","repository_url":"https://github.com/reviewdog/action-actionlint"},{"name":"mikepenz/release-changelog-builder-action","old_version":"6.1.1","new_version":"6.2.1","repository_url":"https://github.com/mikepenz/release-changelog-builder-action"},{"name":"softprops/action-gh-release","old_version":"2.5.0","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"aws-actions/configure-aws-credentials","old_version":"6.0.0","new_version":"6.1.1","repository_url":"https://github.com/aws-actions/configure-aws-credentials"},{"name":"test-summary/action","old_version":"2.4","new_version":"2.6","repository_url":"https://github.com/test-summary/action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.0` | `2.19.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.5` | `4.35.4` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.3` | `5.0.0` |\n| [reviewdog/action-golangci-lint](https://github.com/reviewdog/action-golangci-lint) | `2.8.0` | `2.10.0` |\n| [reviewdog/action-alex](https://github.com/reviewdog/action-alex) | `1.16.0` | `1.16.1` |\n| [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.71.0` | `1.72.0` |\n| [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) | `6.1.1` | `6.2.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.1` |\n| [test-summary/action](https://github.com/test-summary/action) | `2.4` | `2.6` |\n\n\nUpdates `step-security/harden-runner` from 2.15.0 to 2.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eGlobal Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.\u003c/p\u003e\n\u003cp\u003eDeploy on Self-Hosted VM: Added \u003ccode\u003edeploy-on-self-hosted-vm\u003c/code\u003e input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.17.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003ePolicy Store Support\u003c/h3\u003e\n\u003cp\u003eAdded \u003ccode\u003euse-policy-store\u003c/code\u003e and \u003ccode\u003eapi-key\u003c/code\u003e inputs to fetch security policies directly from the \u003ca href=\"https://docs.stepsecurity.io/harden-runner/policy-store\"\u003eStepSecurity Policy Store\u003c/a\u003e. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing \u003ccode\u003epolicy\u003c/code\u003e input which requires \u003ccode\u003eid-token: write\u003c/code\u003e permission. If no policy is found in the store, the action defaults to audit mode.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.16.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6c3c2f2c1c457b00c10c4848d6f5491db3b629df\"\u003e\u003ccode\u003e6c3c2f2\u003c/code\u003e\u003c/a\u003e Feature/deploy on self hosted vm (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/658\"\u003e#658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/f808768d1510423e83855289c910610ca9b43176\"\u003e\u003ccode\u003ef808768\u003c/code\u003e\u003c/a\u003e Feature/policy store (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/656\"\u003e#656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fe104658747b27e96e4f7e80cd0a94068e53901d\"\u003e\u003ccode\u003efe10465\u003c/code\u003e\u003c/a\u003e v2.16.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/654\"\u003e#654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003e\u003ccode\u003efa2e9d6\u003c/code\u003e\u003c/a\u003e Release v2.16.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc\"\u003e\u003ccode\u003e58077d3\u003c/code\u003e\u003c/a\u003e Release v2.15.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/641\"\u003e#641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-go` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-go/releases\"\u003eactions/setup-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd go-download-base-url input for custom Go distributions by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/727\"\u003eactions/setup-go#727\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRearrange README.md, add advanced-usage.md by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/724\"\u003eactions/setup-go#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Microsoft build of Go link by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/734\"\u003eactions/setup-go#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-go/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-go/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003e\u003ccode\u003e4a36011\u003c/code\u003e\u003c/a\u003e docs: fix Microsoft build of Go link (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d\"\u003e\u003ccode\u003e8f19afc\u003c/code\u003e\u003c/a\u003e feat: add go-download-base-url input for custom Go distributions (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/721\"\u003e#721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a\"\u003e\u003ccode\u003e27fdb26\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/727\"\u003e#727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b\"\u003e\u003ccode\u003edef8c39\u003c/code\u003e\u003c/a\u003e Rearrange README.md, add advanced-usage.md (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/724\"\u003e#724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.5 to 4.35.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003e\u003ccode\u003e68bde55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3885\"\u003e#3885\u003c/a\u003e from github/update-v4.35.4-803d9e8c3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e\"\u003e\u003ccode\u003e9739ad2\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076\"\u003e\u003ccode\u003e803d9e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3883\"\u003e#3883\u003c/a\u003e from github/mbg/test/macro-wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434\"\u003e\u003ccode\u003e0fd9c7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3882\"\u003e#3882\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a\"\u003e\u003ccode\u003e922d6fb\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003emakeMacro\u003c/code\u003e instead of \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56\"\u003e\u003ccode\u003edf77e87\u003c/code\u003e\u003c/a\u003e Update test macro snippet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3\"\u003e\u003ccode\u003e6e3f985\u003c/code\u003e\u003c/a\u003e Add wrapper for \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5\"\u003e\u003ccode\u003ee7a347d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3881\"\u003e#3881\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f\"\u003e\u003ccode\u003e17eabb2\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706\"\u003e\u003ccode\u003eaaef09c\u003c/code\u003e\u003c/a\u003e Bump ruby/setup-ruby\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.8.3 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-golangci-lint` from 2.8.0 to 2.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/releases\"\u003ereviewdog/action-golangci-lint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v2.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update go download url by \u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.19.37 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/802\"\u003ereviewdog/action-golangci-lint#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.4.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/805\"\u003ereviewdog/action-golangci-lint#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​vercel/ncc\u003c/code\u003e to v0.38.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/812\"\u003ereviewdog/action-golangci-lint#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v4.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/813\"\u003ereviewdog/action-golangci-lint#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency eslint-plugin-import to v2.32.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/814\"\u003ereviewdog/action-golangci-lint#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/818\"\u003ereviewdog/action-golangci-lint#818\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency prettier to v3.8.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/819\"\u003ereviewdog/action-golangci-lint#819\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.9.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/820\"\u003ereviewdog/action-golangci-lint#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.32.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/821\"\u003ereviewdog/action-golangci-lint#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-actionlint action to v1.71.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/822\"\u003ereviewdog/action-golangci-lint#822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-eslint action to v1.34.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/823\"\u003ereviewdog/action-golangci-lint#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Node.js runtime to v24 by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to ES Modules with Rollup by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/825\"\u003ereviewdog/action-golangci-lint#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/827\"\u003ereviewdog/action-golangci-lint#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump eslint 10.0.3 by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/832\"\u003ereviewdog/action-golangci-lint#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eintroduce bundle script by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/835\"\u003ereviewdog/action-golangci-lint#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update node.js to v24.14.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/836\"\u003ereviewdog/action-golangci-lint#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/828\"\u003ereviewdog/action-golangci-lint#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/829\"\u003ereviewdog/action-golangci-lint#829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\"\u003ehttps://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Go to v1.23 by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/783\"\u003ereviewdog/action-golangci-lint#783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(config): migrate renovate config by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/784\"\u003ereviewdog/action-golangci-lint#784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.13 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/781\"\u003ereviewdog/action-golangci-lint#781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/semver\u003c/code\u003e to v7.7.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/786\"\u003ereviewdog/action-golangci-lint#786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.28 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/787\"\u003ereviewdog/action-golangci-lint#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CI to check golintci-lint config by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/790\"\u003ereviewdog/action-golangci-lint#790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.golangci.v1.yml: disable golint by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/791\"\u003ereviewdog/action-golangci-lint#791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/792\"\u003ereviewdog/action-golangci-lint#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/799\"\u003ereviewdog/action-golangci-lint#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v4.4.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/800\"\u003ereviewdog/action-golangci-lint#800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.15 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/796\"\u003ereviewdog/action-golangci-lint#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.30 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/793\"\u003ereviewdog/action-golangci-lint#793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.8.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/794\"\u003ereviewdog/action-golangci-lint#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency js-yaml to v4.1.1 [security] by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/810\"\u003ereviewdog/action-golangci-lint#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest (major) by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/727\"\u003ereviewdog/action-golangci-lint#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-bumpr action to v1.11.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/795\"\u003ereviewdog/action-golangci-lint#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-update-semver action to v1.5.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/797\"\u003ereviewdog/action-golangci-lint#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.31.8 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/801\"\u003ereviewdog/action-golangci-lint#801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003e\u003ccode\u003ec76ccea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/829\"\u003e#829\u003c/a\u003e from reviewdog/renovate/github-codeql-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/6381f9840173f5bf1dd06c6c05ea4735db76f0be\"\u003e\u003ccode\u003e6381f98\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/89de6bb90b32be99e9910a2888948ed3dfe6af7d\"\u003e\u003ccode\u003e89de6bb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/828\"\u003e#828\u003c/a\u003e from reviewdog/renovate/actions-setup-node-6.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/0c74698972d41c9418acf5e16e13e114ff2cad7f\"\u003e\u003ccode\u003e0c74698\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/d0c4e9d9525555e62a0d54cf67b89c96f00437a1\"\u003e\u003ccode\u003ed0c4e9d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/836\"\u003e#836\u003c/a\u003e from reviewdog/renovate/node-24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c2a63d69d1acbfa831c574899e630f70f29c445d\"\u003e\u003ccode\u003ec2a63d6\u003c/code\u003e\u003c/a\u003e chore(deps): update node.js to v24.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/3943b33a58d990d2bddbe92ad09d129a532ad6a0\"\u003e\u003ccode\u003e3943b33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/835\"\u003e#835\u003c/a\u003e from reviewdog/introduce-bundle-script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/575ba3109bc3234b78d0520562beb2c4a40d62bb\"\u003e\u003ccode\u003e575ba31\u003c/code\u003e\u003c/a\u003e update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/a69b2ade8c81d090c53095e9ba3f2efc838080f9\"\u003e\u003ccode\u003ea69b2ad\u003c/code\u003e\u003c/a\u003e bump lockfileVersion to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/2a19ff60992f354a2e04a69b10e22decd658eaf5\"\u003e\u003ccode\u003e2a19ff6\u003c/code\u003e\u003c/a\u003e install rimraf\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/f9bba13753278f6a73b27a56a3ffb1bfda90ed71...c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-alex` from 1.16.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-alex/releases\"\u003ereviewdog/action-alex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: Pin GitHub Actions with commit SHA using pinact by \u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/47\"\u003ereviewdog/action-alex#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-shellcheck action to v1.30.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/48\"\u003ereviewdog/action-alex#48\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: propagate exit code for fail_on_error support by \u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\"\u003ehttps://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003e\u003ccode\u003eb6673b5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/59\"\u003e#59\u003c/a\u003e from vincent067/fix-fail-on-error-exit-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/117bd5855dea9fbf4f62bed06615f4fd01840569\"\u003e\u003ccode\u003e117bd58\u003c/code\u003e\u003c/a\u003e fix: propagate exit code to make fail_on_error work correctly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/ee2bd61307cf0eb11f6ce460d58352e10bf4b8b7\"\u003e\u003ccode\u003eee2bd61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/48\"\u003e#48\u003c/a\u003e from reviewdog/renovate/reviewdog-action-shellcheck-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/7b37af6b84908d4e7515e4bc81a94e83b435375d\"\u003e\u003ccode\u003e7b37af6\u003c/code\u003e\u003c/a\u003e chore(deps): update reviewdog/action-shellcheck action to v1.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/dd45e4f3127a4bb11c96a375adbdecdf27218d55\"\u003e\u003ccode\u003edd45e4f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/47\"\u003e#47\u003c/a\u003e from reviewdog/pinact-readme-20250319-031733\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/0fa17b0d9543cae655526dc38be46d954d1d42a9\"\u003e\u003ccode\u003e0fa17b0\u003c/code\u003e\u003c/a\u003e README: Pin GitHub Actions with commit SHA using pinact\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/reviewdog/action-alex/compare/6083b8ca333981fa617c6828c5d8fb21b13d916b...b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-actionlint` from 1.71.0 to 1.72.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-actionlint/releases\"\u003ereviewdog/action-actionlint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.72.0\u003c/h2\u003e\n\u003cp\u003ev1.72.0: PR \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e - chore(deps): update actionlint to 1.7.12\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003e\u003ccode\u003e6fb7acc\u003c/code\u003e\u003c/a\u003e bump v1.72.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/b2a904a8c140063d06dc5319ba69a672d7a4909d\"\u003e\u003ccode\u003eb2a904a\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into releases/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/5eaffa19a1991ecc52b11eddcdd57760d1ac7e3d\"\u003e\u003ccode\u003e5eaffa1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e from reviewdog/depup/actionlint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/39a67548aa7718c321746aa5a54a9e8034505cde\"\u003e\u003ccode\u003e39a6754\u003c/code\u003e\u003c/a\u003e chore(deps): update actionlint to 1.7.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/d39025c0fb1cc41ac827852403ea94804b0e6907\"\u003e\u003ccode\u003ed39025c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/195\"\u003e#195\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/2e8272d25ca2b89be8abc6a0b65c8c5e8a5eae05\"\u003e\u003ccode\u003e2e8272d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/194\"\u003e#194\u003c/a\u003e from reviewdog/renovate/docker-setup-qemu-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/128d9b7b1e43f8eaef5602138f5c9f80ee3c3149\"\u003e\u003ccode\u003e128d9b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/190\"\u003e#190\u003c/a\u003e from reviewdog/renovate/shogo82148-actions-create-rel...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/1674e4f79a2bf9c94d1d301e60b8f8226eea0137\"\u003e\u003ccode\u003e1674e4f\u003c/code\u003e\u003c/a\u003e chore(deps): update docker/setup-buildx-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/8fdb9d20764d93bca3a294fe7fd615fcf8a82332\"\u003e\u003ccode\u003e8fdb9d2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/189\"\u003e#189\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-3.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/a518ce8798c4eda875ca9e369388679ec67ac3ac\"\u003e\u003ccode\u003ea518ce8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/188\"\u003e#188\u003c/a\u003e from reviewdog/renovate/peter-evans-create-pull-reque...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-actionlint/compare/0d952c597ef8459f634d7145b0b044a9699e5e43...6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mikepenz/release-changelog-builder-action` from 6.1.1 to 6.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/releases\"\u003emikepenz/release-changelog-builder-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.1\u003c/h2\u003e\n\u003ch2\u003e🐛 Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle multi-line commit bodies in git log parsing\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove Renovate workflow\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributors:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz\"\u003e\u003ccode\u003e@​mikepenz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity hardening: Renovate, SHA-pinned actions, least-privilege permissions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1536\"\u003e#1536\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix: use PR author for commit-dist job condition\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1541\"\u003e#1541\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/upload-artifact from 6 to 7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1523\"\u003e#1523\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump mikepenz/action-gh-release from 1 to 2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1531\"\u003e#1531\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump the dev-dependencies group with 4 updates\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1532\"\u003e#1532\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump vitest from 4.0.18 to 4.1.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1533\"\u003e#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump https-proxy-agent from 7.0.6 to 8.0.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1534\"\u003e#1534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1535\"\u003e#1535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency glob to v11.1.0 [security]\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1537\"\u003e#1537\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): pin mikepenz/release-changelog-builder-action action to d7b8cec\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1539\"\u003e#1539\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency undici to v7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1540\"\u003e#1540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: upgrade TypeScript to v6\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1543\"\u003e#1543\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: pin all dependencies to exact versions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1544\"\u003e#1544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update mikepenz/release-changelog-builder-action digest to a77ddc5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/bcae7115752d4ed746ff92feb666574428a79415\"\u003e\u003ccode\u003ebcae711\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1554\"\u003e#1554\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/5795a331a1896dc0d5df89bc33a6eb5f85ec3381\"\u003e\u003ccode\u003e5795a33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e from mikepenz/fix/multiline-commit-body-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/f5544cb178b60efb5ed9c2103aec3ae8d1347aab\"\u003e\u003ccode\u003ef5544cb\u003c/code\u003e\u003c/a\u003e fix: use git %x00/%x1f format placeholders instead of literal bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/7ebd13b3034b0e0464e3cc5cc63a215af1670fa3\"\u003e\u003ccode\u003e7ebd13b\u003c/code\u003e\u003c/a\u003e fix: use non-printable separators for robust git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/787f65d59db64ae02a78eadabe1caa8b270adc8d\"\u003e\u003ccode\u003e787f65d\u003c/code\u003e\u003c/a\u003e fix: handle multi-line commit bodies in git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/1d37aec5da47494e13cc58a287454b75bc26d516\"\u003e\u003ccode\u003e1d37aec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e from mikepenz/chore/remove-renovate-workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/a8e74a6c873da1027f31c319e4a4cd2672fb6e5f\"\u003e\u003ccode\u003ea8e74a6\u003c/code\u003e\u003c/a\u003e chore: override vite to 8.0.5 to fix vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/202a06fc65105d3872e2a97b05c4716008434838\"\u003e\u003ccode\u003e202a06f\u003c/code\u003e\u003c/a\u003e chore: remove Renovate workflow (using self-hosted app instead)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/2cb9befdbc05f65b8354cc9873cd506509bd0782\"\u003e\u003ccode\u003e2cb9bef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1547\"\u003e#1547\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/0cc28988c351cc996275143ae3ea584dcc19d31d\"\u003e\u003ccode\u003e0cc2898\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1546\"\u003e#1546\u003c/a\u003e from mikepenz/renovate/glob-13.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/compare/a34a8009a9588bb86b02a873cf592440e96a5da8...bcae7115752d4ed746ff92feb666574428a79415\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.5.0 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNod...\n\n_Description has been truncated_","html_url":"https://github.com/bendoerr-terraform-modules/terraform-aws-tfstate/pull/193","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendoerr-terraform-modules%2Fterraform-aws-tfstate/issues/193","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/193/packages"},{"uuid":"4424460252","node_id":"PR_kwDOK4HaY87abxyS","number":149,"state":"closed","title":"⬆️ (deps-ghaction): Bump the github-actions group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T23:33:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T21:33:42.000Z","updated_at":"2026-05-18T23:33:06.000Z","time_to_close":611962,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆️ (deps-ghaction): Bump","group_name":"github-actions","update_count":13,"packages":[{"name":"step-security/harden-runner","old_version":"2.15.0","new_version":"2.19.1","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/setup-go","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"github/codeql-action","old_version":"4.32.5","new_version":"4.35.4","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/dependency-review-action","old_version":"4.8.3","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"reviewdog/action-golangci-lint","old_version":"2.8.0","new_version":"2.10.0","repository_url":"https://github.com/reviewdog/action-golangci-lint"},{"name":"reviewdog/action-alex","old_version":"1.16.0","new_version":"1.16.1","repository_url":"https://github.com/reviewdog/action-alex"},{"name":"reviewdog/action-actionlint","old_version":"1.71.0","new_version":"1.72.0","repository_url":"https://github.com/reviewdog/action-actionlint"},{"name":"mikepenz/release-changelog-builder-action","old_version":"6.1.1","new_version":"6.2.1","repository_url":"https://github.com/mikepenz/release-changelog-builder-action"},{"name":"softprops/action-gh-release","old_version":"2.5.0","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"aws-actions/configure-aws-credentials","old_version":"6.0.0","new_version":"6.1.1","repository_url":"https://github.com/aws-actions/configure-aws-credentials"},{"name":"test-summary/action","old_version":"2.4","new_version":"2.6","repository_url":"https://github.com/test-summary/action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.0` | `2.19.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.5` | `4.35.4` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.3` | `5.0.0` |\n| [reviewdog/action-golangci-lint](https://github.com/reviewdog/action-golangci-lint) | `2.8.0` | `2.10.0` |\n| [reviewdog/action-alex](https://github.com/reviewdog/action-alex) | `1.16.0` | `1.16.1` |\n| [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.71.0` | `1.72.0` |\n| [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) | `6.1.1` | `6.2.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.1` |\n| [test-summary/action](https://github.com/test-summary/action) | `2.4` | `2.6` |\n\n\nUpdates `step-security/harden-runner` from 2.15.0 to 2.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eGlobal Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.\u003c/p\u003e\n\u003cp\u003eDeploy on Self-Hosted VM: Added \u003ccode\u003edeploy-on-self-hosted-vm\u003c/code\u003e input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.17.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003ePolicy Store Support\u003c/h3\u003e\n\u003cp\u003eAdded \u003ccode\u003euse-policy-store\u003c/code\u003e and \u003ccode\u003eapi-key\u003c/code\u003e inputs to fetch security policies directly from the \u003ca href=\"https://docs.stepsecurity.io/harden-runner/policy-store\"\u003eStepSecurity Policy Store\u003c/a\u003e. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing \u003ccode\u003epolicy\u003c/code\u003e input which requires \u003ccode\u003eid-token: write\u003c/code\u003e permission. If no policy is found in the store, the action defaults to audit mode.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.16.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6c3c2f2c1c457b00c10c4848d6f5491db3b629df\"\u003e\u003ccode\u003e6c3c2f2\u003c/code\u003e\u003c/a\u003e Feature/deploy on self hosted vm (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/658\"\u003e#658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/f808768d1510423e83855289c910610ca9b43176\"\u003e\u003ccode\u003ef808768\u003c/code\u003e\u003c/a\u003e Feature/policy store (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/656\"\u003e#656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fe104658747b27e96e4f7e80cd0a94068e53901d\"\u003e\u003ccode\u003efe10465\u003c/code\u003e\u003c/a\u003e v2.16.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/654\"\u003e#654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003e\u003ccode\u003efa2e9d6\u003c/code\u003e\u003c/a\u003e Release v2.16.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc\"\u003e\u003ccode\u003e58077d3\u003c/code\u003e\u003c/a\u003e Release v2.15.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/641\"\u003e#641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-go` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-go/releases\"\u003eactions/setup-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd go-download-base-url input for custom Go distributions by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/727\"\u003eactions/setup-go#727\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRearrange README.md, add advanced-usage.md by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/724\"\u003eactions/setup-go#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Microsoft build of Go link by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/734\"\u003eactions/setup-go#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-go/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-go/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003e\u003ccode\u003e4a36011\u003c/code\u003e\u003c/a\u003e docs: fix Microsoft build of Go link (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d\"\u003e\u003ccode\u003e8f19afc\u003c/code\u003e\u003c/a\u003e feat: add go-download-base-url input for custom Go distributions (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/721\"\u003e#721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a\"\u003e\u003ccode\u003e27fdb26\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/727\"\u003e#727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b\"\u003e\u003ccode\u003edef8c39\u003c/code\u003e\u003c/a\u003e Rearrange README.md, add advanced-usage.md (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/724\"\u003e#724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.5 to 4.35.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003e\u003ccode\u003e68bde55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3885\"\u003e#3885\u003c/a\u003e from github/update-v4.35.4-803d9e8c3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e\"\u003e\u003ccode\u003e9739ad2\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076\"\u003e\u003ccode\u003e803d9e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3883\"\u003e#3883\u003c/a\u003e from github/mbg/test/macro-wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434\"\u003e\u003ccode\u003e0fd9c7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3882\"\u003e#3882\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a\"\u003e\u003ccode\u003e922d6fb\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003emakeMacro\u003c/code\u003e instead of \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56\"\u003e\u003ccode\u003edf77e87\u003c/code\u003e\u003c/a\u003e Update test macro snippet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3\"\u003e\u003ccode\u003e6e3f985\u003c/code\u003e\u003c/a\u003e Add wrapper for \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5\"\u003e\u003ccode\u003ee7a347d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3881\"\u003e#3881\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f\"\u003e\u003ccode\u003e17eabb2\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706\"\u003e\u003ccode\u003eaaef09c\u003c/code\u003e\u003c/a\u003e Bump ruby/setup-ruby\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.8.3 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-golangci-lint` from 2.8.0 to 2.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/releases\"\u003ereviewdog/action-golangci-lint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v2.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update go download url by \u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.19.37 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/802\"\u003ereviewdog/action-golangci-lint#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.4.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/805\"\u003ereviewdog/action-golangci-lint#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​vercel/ncc\u003c/code\u003e to v0.38.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/812\"\u003ereviewdog/action-golangci-lint#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v4.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/813\"\u003ereviewdog/action-golangci-lint#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency eslint-plugin-import to v2.32.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/814\"\u003ereviewdog/action-golangci-lint#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/818\"\u003ereviewdog/action-golangci-lint#818\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency prettier to v3.8.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/819\"\u003ereviewdog/action-golangci-lint#819\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.9.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/820\"\u003ereviewdog/action-golangci-lint#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.32.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/821\"\u003ereviewdog/action-golangci-lint#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-actionlint action to v1.71.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/822\"\u003ereviewdog/action-golangci-lint#822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-eslint action to v1.34.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/823\"\u003ereviewdog/action-golangci-lint#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Node.js runtime to v24 by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to ES Modules with Rollup by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/825\"\u003ereviewdog/action-golangci-lint#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/827\"\u003ereviewdog/action-golangci-lint#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump eslint 10.0.3 by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/832\"\u003ereviewdog/action-golangci-lint#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eintroduce bundle script by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/835\"\u003ereviewdog/action-golangci-lint#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update node.js to v24.14.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/836\"\u003ereviewdog/action-golangci-lint#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/828\"\u003ereviewdog/action-golangci-lint#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/829\"\u003ereviewdog/action-golangci-lint#829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\"\u003ehttps://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Go to v1.23 by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/783\"\u003ereviewdog/action-golangci-lint#783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(config): migrate renovate config by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/784\"\u003ereviewdog/action-golangci-lint#784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.13 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/781\"\u003ereviewdog/action-golangci-lint#781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/semver\u003c/code\u003e to v7.7.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/786\"\u003ereviewdog/action-golangci-lint#786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.28 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/787\"\u003ereviewdog/action-golangci-lint#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CI to check golintci-lint config by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/790\"\u003ereviewdog/action-golangci-lint#790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.golangci.v1.yml: disable golint by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/791\"\u003ereviewdog/action-golangci-lint#791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/792\"\u003ereviewdog/action-golangci-lint#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/799\"\u003ereviewdog/action-golangci-lint#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v4.4.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/800\"\u003ereviewdog/action-golangci-lint#800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.15 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/796\"\u003ereviewdog/action-golangci-lint#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.30 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/793\"\u003ereviewdog/action-golangci-lint#793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.8.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/794\"\u003ereviewdog/action-golangci-lint#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency js-yaml to v4.1.1 [security] by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/810\"\u003ereviewdog/action-golangci-lint#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest (major) by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/727\"\u003ereviewdog/action-golangci-lint#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-bumpr action to v1.11.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/795\"\u003ereviewdog/action-golangci-lint#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-update-semver action to v1.5.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/797\"\u003ereviewdog/action-golangci-lint#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.31.8 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/801\"\u003ereviewdog/action-golangci-lint#801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003e\u003ccode\u003ec76ccea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/829\"\u003e#829\u003c/a\u003e from reviewdog/renovate/github-codeql-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/6381f9840173f5bf1dd06c6c05ea4735db76f0be\"\u003e\u003ccode\u003e6381f98\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/89de6bb90b32be99e9910a2888948ed3dfe6af7d\"\u003e\u003ccode\u003e89de6bb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/828\"\u003e#828\u003c/a\u003e from reviewdog/renovate/actions-setup-node-6.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/0c74698972d41c9418acf5e16e13e114ff2cad7f\"\u003e\u003ccode\u003e0c74698\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/d0c4e9d9525555e62a0d54cf67b89c96f00437a1\"\u003e\u003ccode\u003ed0c4e9d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/836\"\u003e#836\u003c/a\u003e from reviewdog/renovate/node-24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c2a63d69d1acbfa831c574899e630f70f29c445d\"\u003e\u003ccode\u003ec2a63d6\u003c/code\u003e\u003c/a\u003e chore(deps): update node.js to v24.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/3943b33a58d990d2bddbe92ad09d129a532ad6a0\"\u003e\u003ccode\u003e3943b33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/835\"\u003e#835\u003c/a\u003e from reviewdog/introduce-bundle-script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/575ba3109bc3234b78d0520562beb2c4a40d62bb\"\u003e\u003ccode\u003e575ba31\u003c/code\u003e\u003c/a\u003e update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/a69b2ade8c81d090c53095e9ba3f2efc838080f9\"\u003e\u003ccode\u003ea69b2ad\u003c/code\u003e\u003c/a\u003e bump lockfileVersion to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/2a19ff60992f354a2e04a69b10e22decd658eaf5\"\u003e\u003ccode\u003e2a19ff6\u003c/code\u003e\u003c/a\u003e install rimraf\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/f9bba13753278f6a73b27a56a3ffb1bfda90ed71...c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-alex` from 1.16.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-alex/releases\"\u003ereviewdog/action-alex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: Pin GitHub Actions with commit SHA using pinact by \u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/47\"\u003ereviewdog/action-alex#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-shellcheck action to v1.30.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/48\"\u003ereviewdog/action-alex#48\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: propagate exit code for fail_on_error support by \u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\"\u003ehttps://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003e\u003ccode\u003eb6673b5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/59\"\u003e#59\u003c/a\u003e from vincent067/fix-fail-on-error-exit-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/117bd5855dea9fbf4f62bed06615f4fd01840569\"\u003e\u003ccode\u003e117bd58\u003c/code\u003e\u003c/a\u003e fix: propagate exit code to make fail_on_error work correctly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/ee2bd61307cf0eb11f6ce460d58352e10bf4b8b7\"\u003e\u003ccode\u003eee2bd61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/48\"\u003e#48\u003c/a\u003e from reviewdog/renovate/reviewdog-action-shellcheck-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/7b37af6b84908d4e7515e4bc81a94e83b435375d\"\u003e\u003ccode\u003e7b37af6\u003c/code\u003e\u003c/a\u003e chore(deps): update reviewdog/action-shellcheck action to v1.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/dd45e4f3127a4bb11c96a375adbdecdf27218d55\"\u003e\u003ccode\u003edd45e4f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/47\"\u003e#47\u003c/a\u003e from reviewdog/pinact-readme-20250319-031733\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/0fa17b0d9543cae655526dc38be46d954d1d42a9\"\u003e\u003ccode\u003e0fa17b0\u003c/code\u003e\u003c/a\u003e README: Pin GitHub Actions with commit SHA using pinact\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/reviewdog/action-alex/compare/6083b8ca333981fa617c6828c5d8fb21b13d916b...b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-actionlint` from 1.71.0 to 1.72.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-actionlint/releases\"\u003ereviewdog/action-actionlint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.72.0\u003c/h2\u003e\n\u003cp\u003ev1.72.0: PR \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e - chore(deps): update actionlint to 1.7.12\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003e\u003ccode\u003e6fb7acc\u003c/code\u003e\u003c/a\u003e bump v1.72.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/b2a904a8c140063d06dc5319ba69a672d7a4909d\"\u003e\u003ccode\u003eb2a904a\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into releases/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/5eaffa19a1991ecc52b11eddcdd57760d1ac7e3d\"\u003e\u003ccode\u003e5eaffa1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e from reviewdog/depup/actionlint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/39a67548aa7718c321746aa5a54a9e8034505cde\"\u003e\u003ccode\u003e39a6754\u003c/code\u003e\u003c/a\u003e chore(deps): update actionlint to 1.7.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/d39025c0fb1cc41ac827852403ea94804b0e6907\"\u003e\u003ccode\u003ed39025c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/195\"\u003e#195\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/2e8272d25ca2b89be8abc6a0b65c8c5e8a5eae05\"\u003e\u003ccode\u003e2e8272d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/194\"\u003e#194\u003c/a\u003e from reviewdog/renovate/docker-setup-qemu-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/128d9b7b1e43f8eaef5602138f5c9f80ee3c3149\"\u003e\u003ccode\u003e128d9b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/190\"\u003e#190\u003c/a\u003e from reviewdog/renovate/shogo82148-actions-create-rel...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/1674e4f79a2bf9c94d1d301e60b8f8226eea0137\"\u003e\u003ccode\u003e1674e4f\u003c/code\u003e\u003c/a\u003e chore(deps): update docker/setup-buildx-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/8fdb9d20764d93bca3a294fe7fd615fcf8a82332\"\u003e\u003ccode\u003e8fdb9d2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/189\"\u003e#189\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-3.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/a518ce8798c4eda875ca9e369388679ec67ac3ac\"\u003e\u003ccode\u003ea518ce8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/188\"\u003e#188\u003c/a\u003e from reviewdog/renovate/peter-evans-create-pull-reque...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-actionlint/compare/0d952c597ef8459f634d7145b0b044a9699e5e43...6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mikepenz/release-changelog-builder-action` from 6.1.1 to 6.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/releases\"\u003emikepenz/release-changelog-builder-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.1\u003c/h2\u003e\n\u003ch2\u003e🐛 Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle multi-line commit bodies in git log parsing\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove Renovate workflow\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributors:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz\"\u003e\u003ccode\u003e@​mikepenz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity hardening: Renovate, SHA-pinned actions, least-privilege permissions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1536\"\u003e#1536\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix: use PR author for commit-dist job condition\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1541\"\u003e#1541\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/upload-artifact from 6 to 7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1523\"\u003e#1523\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump mikepenz/action-gh-release from 1 to 2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1531\"\u003e#1531\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump the dev-dependencies group with 4 updates\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1532\"\u003e#1532\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump vitest from 4.0.18 to 4.1.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1533\"\u003e#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump https-proxy-agent from 7.0.6 to 8.0.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1534\"\u003e#1534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1535\"\u003e#1535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency glob to v11.1.0 [security]\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1537\"\u003e#1537\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): pin mikepenz/release-changelog-builder-action action to d7b8cec\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1539\"\u003e#1539\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency undici to v7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1540\"\u003e#1540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: upgrade TypeScript to v6\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1543\"\u003e#1543\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: pin all dependencies to exact versions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1544\"\u003e#1544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update mikepenz/release-changelog-builder-action digest to a77ddc5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/bcae7115752d4ed746ff92feb666574428a79415\"\u003e\u003ccode\u003ebcae711\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1554\"\u003e#1554\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/5795a331a1896dc0d5df89bc33a6eb5f85ec3381\"\u003e\u003ccode\u003e5795a33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e from mikepenz/fix/multiline-commit-body-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/f5544cb178b60efb5ed9c2103aec3ae8d1347aab\"\u003e\u003ccode\u003ef5544cb\u003c/code\u003e\u003c/a\u003e fix: use git %x00/%x1f format placeholders instead of literal bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/7ebd13b3034b0e0464e3cc5cc63a215af1670fa3\"\u003e\u003ccode\u003e7ebd13b\u003c/code\u003e\u003c/a\u003e fix: use non-printable separators for robust git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/787f65d59db64ae02a78eadabe1caa8b270adc8d\"\u003e\u003ccode\u003e787f65d\u003c/code\u003e\u003c/a\u003e fix: handle multi-line commit bodies in git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/1d37aec5da47494e13cc58a287454b75bc26d516\"\u003e\u003ccode\u003e1d37aec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e from mikepenz/chore/remove-renovate-workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/a8e74a6c873da1027f31c319e4a4cd2672fb6e5f\"\u003e\u003ccode\u003ea8e74a6\u003c/code\u003e\u003c/a\u003e chore: override vite to 8.0.5 to fix vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/202a06fc65105d3872e2a97b05c4716008434838\"\u003e\u003ccode\u003e202a06f\u003c/code\u003e\u003c/a\u003e chore: remove Renovate workflow (using self-hosted app instead)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/2cb9befdbc05f65b8354cc9873cd506509bd0782\"\u003e\u003ccode\u003e2cb9bef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1547\"\u003e#1547\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/0cc28988c351cc996275143ae3ea584dcc19d31d\"\u003e\u003ccode\u003e0cc2898\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1546\"\u003e#1546\u003c/a\u003e from mikepenz/renovate/glob-13.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/compare/a34a8009a9588bb86b02a873cf592440e96a5da8...bcae7115752d4ed746ff92feb666574428a79415\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.5.0 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNod...\n\n_Description has been truncated_","html_url":"https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/pull/149","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendoerr-terraform-modules%2Fterraform-aws-tfuser/issues/149","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/149/packages"},{"uuid":"4423439873","node_id":"PR_kwDORoHcRs7aYbPu","number":205,"state":"closed","title":"chore(deps): bump the github-actions group across 1 directory with 12 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T08:58:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T18:51:43.000Z","updated_at":"2026-05-23T08:58:09.000Z","time_to_close":1001185,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"docker/setup-buildx-action","old_version":"3.12.0","new_version":"4.0.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"3.7.0","new_version":"4.1.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/build-push-action","old_version":"6.19.2","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/attest-build-provenance","old_version":"2.4.0","new_version":"4.1.0","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"sigstore/cosign-installer","old_version":"3.7.0","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"actions/setup-go","old_version":"5.6.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"github/codeql-action","old_version":"3.35.2","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.2.0` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.0` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `4.1.2` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.35.2` | `4.35.5` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.12.0 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003e\u003ccode\u003e4d04d5d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/485\"\u003e#485\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d\"\u003e\u003ccode\u003ecd74e05\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84\"\u003e\u003ccode\u003eeee38ec\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.79.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24\"\u003e\u003ccode\u003e7a83f65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/484\"\u003e#484\u003c/a\u003e from docker/dependabot/github_actions/docker/setup-qe...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327\"\u003e\u003ccode\u003ea5aa967\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/464\"\u003e#464\u003c/a\u003e from crazy-max/rm-deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3\"\u003e\u003ccode\u003ee73d53f\u003c/code\u003e\u003c/a\u003e build(deps): bump docker/setup-qemu-action from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312\"\u003e\u003ccode\u003e28a438e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/483\"\u003e#483\u003c/a\u003e from crazy-max/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf\"\u003e\u003ccode\u003e034e9d3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be\"\u003e\u003ccode\u003eb4664d8\u003c/code\u003e\u003c/a\u003e remove deprecated inputs/outputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba\"\u003e\u003ccode\u003ea8257de\u003c/code\u003e\u003c/a\u003e node 24 as default runtime\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.7.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003e\u003ccode\u003e4907a6d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/930\"\u003e#930\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636\"\u003e\u003ccode\u003e1e233e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb\"\u003e\u003ccode\u003e6c24ead\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6\"\u003e\u003ccode\u003eee034d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/958\"\u003e#958\u003c/a\u003e from docker/dependabot/npm_and_yarn/lodash-4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb\"\u003e\u003ccode\u003e1527209\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/937\"\u003e#937\u003c/a\u003e from docker/dependabot/npm_and_yarn/proxy-agent-depen...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b\"\u003e\u003ccode\u003ed39362a\u003c/code\u003e\u003c/a\u003e build(deps): bump lodash from 4.17.23 to 4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce\"\u003e\u003ccode\u003ea6f092b\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779\"\u003e\u003ccode\u003e60953f0\u003c/code\u003e\u003c/a\u003e build(deps): bump the proxy-agent-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340\"\u003e\u003ccode\u003e62c6885\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/936\"\u003e#936\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a\"\u003e\u003ccode\u003e102c0e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 6.19.2 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGit context \u003ca href=\"https://docs.docker.com/build/concepts/context/#url-queries\"\u003equery format\u003c/a\u003e support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.87.0 by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1500\"\u003edocker/build-push-action#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.5.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1489\"\u003edocker/build-push-action#1489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1491\"\u003edocker/build-push-action#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1490\"\u003edocker/build-push-action#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1497\"\u003edocker/build-push-action#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1510\"\u003edocker/build-push-action#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1496\"\u003edocker/build-push-action#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1486\"\u003edocker/build-push-action#1486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1509\"\u003edocker/build-push-action#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1470\"\u003edocker/build-push-action#1470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated \u003ccode\u003eDOCKER_BUILD_NO_SUMMARY\u003c/code\u003e and \u003ccode\u003eDOCKER_BUILD_EXPORT_RETENTION_DAYS\u003c/code\u003e envs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1473\"\u003edocker/build-push-action#1473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove legacy export-build tool support for build summary by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1474\"\u003edocker/build-push-action#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1466\"\u003edocker/build-push-action#1466\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1454\"\u003edocker/build-push-action#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1453\"\u003edocker/build-push-action#1453\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1472\"\u003edocker/build-push-action#1472\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1479\"\u003edocker/build-push-action#1479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1463\"\u003edocker/build-push-action#1463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\"\u003ehttps://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 2.4.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate RELEASE.md docs by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/836\"\u003eactions/attest-build-provenance#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/attest\u003c/code\u003e from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/838\"\u003eactions/attest-build-provenance#838\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.0.0 to 3.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/362\"\u003eactions/attest#362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.1.0 to 3.2.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/365\"\u003eactions/attest#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new \u003ccode\u003esubject-version\u003c/code\u003e input for inclusion in storage record by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/364\"\u003eactions/attest#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd storage record content to README by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/366\"\u003eactions/attest#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v3 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/697\"\u003eactions/attest-build-provenance#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/749\"\u003eactions/attest-build-provenance#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 7.5.1 to 7.5.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/753\"\u003eactions/attest-build-provenance#753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/754\"\u003eactions/attest-build-provenance#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.1 to 25.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/774\"\u003eactions/attest-build-provenance#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 1.6.0 to 2.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/736\"\u003eactions/attest-build-provenance#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 2.0.0 to 2.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/775\"\u003eactions/attest-build-provenance#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for creating artifact metadata storage records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/7c757df4145fcd233331998e58b20b422c833a00\"\u003e\u003ccode\u003e7c757df\u003c/code\u003e\u003c/a\u003e Bump the npm-development group with 2 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/825\"\u003e#825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c44148e5bf178192efd8947e07a0d439a356c60b\"\u003e\u003ccode\u003ec44148e\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/818\"\u003e#818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/32343527f2ec94583cf7b31280de0f60dc9f0bf9\"\u003e\u003ccode\u003e3234352\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.10 to 25.2.0 in the npm-development group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/819\"\u003e#819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/18db12979d4cecda10c1cf295bcb159f3e59866d\"\u003e\u003ccode\u003e18db129\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.6 to 7.5.7 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/816\"\u003e#816\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/90fadfae6ba2e2ef59f8d38e61ec3cf16443a18e\"\u003e\u003ccode\u003e90fadfa\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 2.0.1 to 2.0.2 in the npm-production group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/799\"\u003e#799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/57db8ba356515a4c8608990f2aa27a6972235ccc\"\u003e\u003ccode\u003e57db8ba\u003c/code\u003e\u003c/a\u003e Bump the npm-development group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/808\"\u003e#808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 3.7.0 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update default cosign-release to v3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/223\"\u003esigstore/cosign-installer#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWe recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing \u003ccode\u003ewith: cosign-release\u003c/code\u003e and strongly discourage using \u003ccode\u003ecosign-release\u003c/code\u003e unless you have a specific reason to use an older version of Cosign.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/220\"\u003esigstore/cosign-installer#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add retry to curl downloads for transient network failures in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/210\"\u003esigstore/cosign-installer#210\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e You must upgrade to cosign-installer v4 if you want to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3+\u003c/a\u003e. You may still install Cosign v2.x with cosign-installer v4.\u003c/p\u003e\n\u003cp\u003eIn version v3+, using \u003ccode\u003ecosign sign-blob\u003c/code\u003e requires adding the \u003ccode\u003e--bundle\u003c/code\u003e flag which may require you to update your signing command.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Cosign v3 releases (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e cosign-installer v3.x cannot be used to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3.x\u003c/a\u003e. You must upgrade to cosign-installer v4 in order to use Cosign v3.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.1 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/200\"\u003esigstore/cosign-installer#200\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.9.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003enot fail fast and setup permissions in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/195\"\u003esigstore/cosign-installer#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edrop old unsupported versions \u0026lt;v2.0.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/192\"\u003esigstore/cosign-installer#192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default to v2.5.3 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/196\"\u003esigstore/cosign-installer#196\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003\"\u003e\u003ccode\u003ecad07c2\u003c/code\u003e\u003c/a\u003e chore: update default cosign-release to v3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/223\"\u003e#223\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22\"\u003e\u003ccode\u003eba7bc0a\u003c/code\u003e\u003c/a\u003e fix: add retry to curl downloads for transient network failures (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/5a292e1504fdf08d68831aa1d265e92aee5701f9\"\u003e\u003ccode\u003e5a292e1\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/220\"\u003e#220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/351ea76151ae2dbbf52374c9dd639f4981de944f\"\u003e\u003ccode\u003e351ea76\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/217\"\u003e#217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/c17565ff322a3403de48978f18d9ee0cfa7c2cd5\"\u003e\u003ccode\u003ec17565f\u003c/code\u003e\u003c/a\u003e test with go 1.26 too (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/a6fdd19182ff7fb86ae39a9329ba29eb602cbabb\"\u003e\u003ccode\u003ea6fdd19\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.1.0 to 6.3.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/430b6a704fe0c92f1b1261d84376a900f38d90ff\"\u003e\u003ccode\u003e430b6a7\u003c/code\u003e\u003c/a\u003e docs: fix registry from gcr.io to ghcr.io (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v7 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/440\"\u003eactions/download-artifact#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDownload Artifact Node24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/415\"\u003eactions/download-artifact#415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e to fix Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/451\"\u003eactions/download-artifact#451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v7.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/452\"\u003eactions/download-artifact#452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3\"\u003e\u003ccode\u003e70fc10c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/461\"\u003e#461\u003c/a\u003e from actions/danwkennedy/digest-mismatch-behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62\"\u003e\u003ccode\u003ef258da9\u003c/code\u003e\u003c/a\u003e Add change docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c\"\u003e\u003ccode\u003eccc058e\u003c/code\u003e\u003c/a\u003e Fix linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd\"\u003e\u003ccode\u003ebd7976b\u003c/code\u003e\u003c/a\u003e Add a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c\"\u003e\u003ccode\u003eac21fcf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/460\"\u003e#460\u003c/a\u003e from actions/danwkennedy/download-no-unzip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0\"\u003e\u003ccode\u003e15999bf\u003c/code\u003e\u003c/a\u003e Add note about package bumps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561\"\u003e\u003ccode\u003e974686e\u003c/code\u003e\u003c/a\u003e Bump the version to \u003ccode\u003ev8\u003c/code\u003e and add release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75\"\u003e\u003ccode\u003efbe48b1\u003c/code\u003e\u003c/a\u003e Update test names to make it clearer what they do\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-go` from 5.6.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-go/releases\"\u003eactions/setup-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd go-download-base-url input for custom Go distributions by \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/leduytuanvu/avf-vending-api/pull/205","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leduytuanvu%2Favf-vending-api/issues/205","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/205/packages"},{"uuid":"4418146356","node_id":"PR_kwDOR_Kslc7aHGQf","number":122,"state":"open","title":"chore(ci)(deps): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T04:50:10.000Z","updated_at":"2026-05-11T04:50:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DFXswiss/dfx-wallet/pull/122","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DFXswiss%2Fdfx-wallet/issues/122","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/122/packages"},{"uuid":"4372553517","node_id":"PR_kwDOR4I6r87XznJw","number":1,"state":"open","title":"chore(deps): bump the all group with 6 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-03T18:01:29.000Z","updated_at":"2026-05-03T18:01:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"all","update_count":6,"packages":[{"name":"actions/checkout","old_version":"5","new_version":"6","repository_url":"https://github.com/actions/checkout"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"goreleaser/goreleaser-action","old_version":"6","new_version":"7","repository_url":"https://github.com/goreleaser/goreleaser-action"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"softprops/action-gh-release","old_version":"2","new_version":"3","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"github/codeql-action","old_version":"4.35.1","new_version":"4.35.3","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the all group with 6 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `5` | `6` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6` | `7` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.3` |\n\nUpdates `actions/checkout` from 5 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v5...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webfactory/ssh-agent` from 0.9.0 to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `goreleaser/goreleaser-action` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/goreleaser/goreleaser-action/releases\"\u003egoreleaser/goreleaser-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat!: node 24, update deps, rm yarn, ESM by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/533\"\u003egoreleaser/goreleaser-action#533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esec: pin github action versions by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/514\"\u003egoreleaser/goreleaser-action#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Upgrade checkout GitHub Action in README.md by \u003ca href=\"https://github.com/dunglas\"\u003e\u003ccode\u003e@​dunglas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/507\"\u003egoreleaser/goreleaser-action#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/504\"\u003egoreleaser/goreleaser-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump the actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/517\"\u003egoreleaser/goreleaser-action#517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump the actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/523\"\u003egoreleaser/goreleaser-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/526\"\u003egoreleaser/goreleaser-action#526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump the actions group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/532\"\u003egoreleaser/goreleaser-action#532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/534\"\u003egoreleaser/goreleaser-action#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/536\"\u003egoreleaser/goreleaser-action#536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump \u003ccode\u003e@​actions/http-client\u003c/code\u003e from 3.0.2 to 4.0.0 in the npm group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/537\"\u003egoreleaser/goreleaser-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/538\"\u003egoreleaser/goreleaser-action#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/539\"\u003egoreleaser/goreleaser-action#539\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6...v7.0.0\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set contents read as default workflow permissions by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/494\"\u003egoreleaser/goreleaser-action#494\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support .config directory for goreleaser config files  by \u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/500\"\u003egoreleaser/goreleaser-action#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump semver from 7.7.1 to 7.7.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/495\"\u003egoreleaser/goreleaser-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 1.1.11 to 1.1.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/498\"\u003egoreleaser/goreleaser-action#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: do not get releases.json if version is specific by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/502\"\u003egoreleaser/goreleaser-action#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump undici from 5.28.5 to 5.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/496\"\u003egoreleaser/goreleaser-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: retry downloading releases json by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/503\"\u003egoreleaser/goreleaser-action#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/500\"\u003egoreleaser/goreleaser-action#500\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6.3.0...v6.4.0\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6.3.0...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.5 in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/488\"\u003egoreleaser/goreleaser-action#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the \u003ccode\u003e-pro\u003c/code\u003e suffix).\nOlder versions should work fine.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version is \u003cstrong\u003erequired\u003c/strong\u003e for GoReleaser Pro v2.7.0+.\nRead more \u003ca href=\"https://goreleaser.com/blog/goreleaser-v2.7/\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8\"\u003e\u003ccode\u003e1a80836\u003c/code\u003e\u003c/a\u003e ci(nightly): pass GITHUB_TOKEN to nightly integration job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/a71152e8274c84525d8835ba71448d64d2023702\"\u003e\u003ccode\u003ea71152e\u003c/code\u003e\u003c/a\u003e refactor: drop legacy 'nightly' tag fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/4c6ab561adb47e50c45ef534e2155934e91c40c1\"\u003e\u003ccode\u003e4c6ab56\u003c/code\u003e\u003c/a\u003e feat: resolve nightly to latest vX.Y.Z-\u0026lt;sha\u0026gt;-nightly release (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/4f96abf297f872baa17cd502a9b5ef0725fd1edc\"\u003e\u003ccode\u003e4f96abf\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eversion-file\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/556\"\u003e#556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/15fa2a96d4a23f516334bb340969ca4e9c82f0fa\"\u003e\u003ccode\u003e15fa2a9\u003c/code\u003e\u003c/a\u003e test: cover install across release eras (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/e24998b8b67b290c2fa8b7c14fcfa7de2c5c9b8c\"\u003e\u003ccode\u003ee24998b\u003c/code\u003e\u003c/a\u003e ci: drop pre-cosign-v3 goreleaser versions from tests (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/be2e8a39ba2f6daed623e98e8b6662f008cffc8d\"\u003e\u003ccode\u003ebe2e8a3\u003c/code\u003e\u003c/a\u003e docs: document cosign verification in README (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/553\"\u003e#553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/5e53f8eea2783e9a9b5963dafae20a7e5320618c\"\u003e\u003ccode\u003e5e53f8e\u003c/code\u003e\u003c/a\u003e ci: add release-major-tag workflow (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/552\"\u003e#552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/4068afa2f0763491214b56d83686409cb4549b8c\"\u003e\u003ccode\u003e4068afa\u003c/code\u003e\u003c/a\u003e build: drop docker-bake in favor of plain npm (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/213ec80f5629fd53743a07c81b86deb4c540955f\"\u003e\u003ccode\u003e213ec80\u003c/code\u003e\u003c/a\u003e docs: add CONTRIBUTING with pre-commit workflow\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we're treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2 to 3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix issue with multiple runs concatenating release bodies \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/145\"\u003e#145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003e\u003ccode\u003eb430933\u003c/code\u003e\u003c/a\u003e release: cut v3.0.0 for Node 24 upgrade (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f\"\u003e\u003ccode\u003ec2e35e0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group across 1 directory with 7 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.1 to 4.35.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e46ed2cbd01164d986452f91f178727624ae40d7\"\u003e\u003ccode\u003ee46ed2c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3867\"\u003e#3867\u003c/a\u003e from github/update-v4.35.3-8c6e48dbe\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b73d1d163446ca5e62b96698027210ab41df6a4a\"\u003e\u003ccode\u003eb73d1d1\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/24e0bb00a931e2a5edb703ce3b22a70f3a3e800b\"\u003e\u003ccode\u003e24e0bb0\u003c/code\u003e\u003c/a\u003e Reorder changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ec298daba71cf7592feacbd1c0887cddc0659f62\"\u003e\u003ccode\u003eec298da\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8c6e48dbe051ceb3015c19554831af1b43275f46\"\u003e\u003ccode\u003e8c6e48d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3865\"\u003e#3865\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/719098349ea5beae8aa364bf9b71ff1c8d937df2\"\u003e\u003ccode\u003e7190983\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2bb209555a024d051f6271c8a846b402497f9445\"\u003e\u003ccode\u003e2bb2095\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7851e55dc3be31ec4bcc3ef98453de2cb306e698\"\u003e\u003ccode\u003e7851e55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3850\"\u003e#3850\u003c/a\u003e from github/mbg/private-registry/cloudsmith-gcp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/262a15f6cf4c7a43d6a38ad76392e5e2d4977751\"\u003e\u003ccode\u003e262a15f\u003c/code\u003e\u003c/a\u003e Add generic non-printable chars test for OIDC configs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/a6109b1c07173a53ece3d179a925ff9644d1fabd\"\u003e\u003ccode\u003ea6109b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e from github/mbg/start-proxy/improved-checks\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...e46ed2cbd01164d986452f91f178727624ae40d7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/marang/franz-agent/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/marang%2Ffranz-agent/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"},{"uuid":"4330621861","node_id":"PR_kwDOSHI0pc7VtVM_","number":25,"state":"open","title":"chore(actions)(deps): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-26T10:23:16.000Z","updated_at":"2026-04-26T10:23:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(actions)(deps)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/cengo441337-a11y/phantomchat/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cengo441337-a11y%2Fphantomchat/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"},{"uuid":"4328248543","node_id":"PR_kwDOR5xqlc7VmUbr","number":32,"state":"closed","title":"chore(ci): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-04T03:09:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T13:45:47.000Z","updated_at":"2026-05-04T03:09:23.000Z","time_to_close":739408,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/Cyberlearnix/cyberlearnix_website-dev/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyberlearnix%2Fcyberlearnix_website-dev/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"},{"uuid":"4326129656","node_id":"PR_kwDOSL6mG87Vfyvk","number":2,"state":"open","title":"Bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T23:19:56.000Z","updated_at":"2026-04-24T23:19:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/LexLordAI/lexlord-backend/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LexLordAI%2Flexlord-backend/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}],"issue_packages":[{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-24T04:30:19.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4510489080","node_id":"PR_kwDORFpk3c7eukN3","number":8,"state":"open","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-24T04:30:19.000Z","updated_at":"2026-05-24T04:31:08.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-m...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/metadata-grammar/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fmetadata-grammar/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-23T23:30:18.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4509899186","node_id":"PR_kwDORs4_pM7es2Oo","number":34,"state":"closed","title":"build(deps): Bump the actions group with 12 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-23T23:41:52.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-23T23:30:18.000Z","updated_at":"2026-05-23T23:41:54.000Z","time_to_close":694,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): Bump","group_name":"actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4","new_version":"6","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.31.10","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/cache","old_version":"4","new_version":"5","repository_url":"https://github.com/actions/cache"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"efa25f7f19611383d5b0ccf2d1c8914531636bf9","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.92.5","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"},{"name":"hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml","old_version":"35fb302b0bcd797ba304bcc30def77fcb18cc3db","new_version":"caa407f30505369bb42585a397b6ec85f44d036d","repository_url":"https://github.com/hyperpolymath/panic-attacker"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 12 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.10` | `4.36.0` |\n| [actions/cache](https://github.com/actions/cache) | `4` | `5` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `efa25f7f19611383d5b0ccf2d1c8914531636bf9` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.92.5` | `3.95.3` |\n| [hyperpolymath/panic-attacker/.github/workflows/scan-and-report.yml](https://github.com/hyperpolymath/panic-attacker) | `35fb302b0bcd797ba304bcc30def77fcb18cc3db` | `caa407f30505369bb42585a397b6ec85f44d036d` |\n\nUpdates `actions/checkout` from 4 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eMake sure your runner is updated to this version or newer to use this release.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v4...v5.0.0\"\u003ehttps://github.com/actions/checkout/compare/v4...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v4...v4.3.1\"\u003ehttps://github.com/actions/checkout/compare/v4...v4.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.31.10 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.31.10...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4 to 5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to use node24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1630\"\u003eactions/cache#1630\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1684\"\u003eactions/cache#1684\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4.3.0...v5.0.0\"\u003ehttps://github.com/actions/cache/compare/v4.3.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd note on runner versions by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev4.3.0\u003c/code\u003e release by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1655\"\u003eactions/cache#1655\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1642\"\u003eactions/cache#1642\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4...v4.3.0\"\u003ehttps://github.com/actions/cache/compare/v4...v4.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@actions/cache\u003c/code\u003e to \u003ccode\u003e4.0.5\u003c/code\u003e and move \u003ccode\u003e@protobuf-ts/plugin\u003c/code\u003e to dev depdencies by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1634\"\u003eactions/cache#1634\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare release \u003ccode\u003e4.2.4\u003c/code\u003e by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1636\"\u003eactions/cache#1636\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1620\"\u003eactions/cache#1620\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4...v4.2.4\"\u003ehttps://github.com/actions/cache/compare/v4...v4.2.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.2.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate to use \u003ccode\u003e@​actions/cache\u003c/code\u003e 4.0.3 package \u0026amp; prepare for new release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1577\"\u003eactions/cache#1577\u003c/a\u003e (SAS tokens for cache entries are now masked in debug logs)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1577\"\u003eactions/cache#1577\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v4.2.2...v4.2.3\"\u003ehttps://github.com/actions/cache/compare/v4.2.2...v4.2.3\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v4...v5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webfactory/ssh-agent` from 0.9.1 to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/a6f90b1f127823b31d4d4a8d96047790581349bd...e83874834305fe9a4a2997156cb26c5de65a8555\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dtolnay/rust-toolchain` from efa25f7f19611383d5b0ccf2d1c8914531636bf9 to 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dtolnay/rust-toolchain/commit/3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9\"\u003e\u003ccode\u003e3c5f7ea\u003c/code\u003e\u003c/a\u003e Add 1.94.1 patch release\u003c/li\u003e\n\u003cli\u003eS...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/verisimdb/pull/34","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fverisimdb/issues/34","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/34/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-23T08:58:22.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4507569457","node_id":"PR_kwDORoHcRs7elzB0","number":285,"state":"open","title":"chore(deps): bump the github-actions group across 1 directory with 13 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-23T08:58:22.000Z","updated_at":"2026-05-23T08:58:23.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"docker/setup-buildx-action","old_version":"3.12.0","new_version":"4.1.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"3.7.0","new_version":"4.2.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/build-push-action","old_version":"6.19.2","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/attest-build-provenance","old_version":"2.4.0","new_version":"4.1.0","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"sigstore/cosign-installer","old_version":"3.7.0","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"actions/setup-go","old_version":"5.6.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"actions/setup-python","old_version":"5.6.0","new_version":"6.2.0","repository_url":"https://github.com/actions/setup-python"},{"name":"github/codeql-action","old_version":"3.35.2","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.1.0` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.2.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.2.0` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.0` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `4.1.2` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` |\n| [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.2.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.35.2` | `4.36.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.12.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/489\"\u003edocker/setup-buildx-action#489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/547\"\u003edocker/setup-buildx-action#547\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/508\"\u003edocker/setup-buildx-action#508\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.0.0 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/540\"\u003edocker/setup-buildx-action#540\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/496\"\u003edocker/setup-buildx-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/499\"\u003edocker/setup-buildx-action#499\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 13.0.6 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/495\"\u003edocker/setup-buildx-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/504\"\u003edocker/setup-buildx-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/523\"\u003edocker/setup-buildx-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/503\"\u003edocker/setup-buildx-action#503\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/537\"\u003edocker/setup-buildx-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/545\"\u003edocker/setup-buildx-action#545\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.25.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/492\"\u003edocker/setup-buildx-action#492\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/520\"\u003edocker/setup-buildx-action#520\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003e\u003ccode\u003ed7f5e7f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/489\"\u003e#489\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/92bc5c9777806d0a73d9d668ba2114fa1177f164\"\u003e\u003ccode\u003e92bc5c9\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/da11e35abee0f20cb4f1c1b7c461d37c29be52f5\"\u003e\u003ccode\u003eda11e35\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/f021e162ef95b6fba51af1c6674f537f25bce851\"\u003e\u003ccode\u003ef021e16\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/492\"\u003e#492\u003c/a\u003e from docker/dependabot/npm_and_yarn/undici-6.24.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b5af94fab700aee0c64d6077e0e34ae987815b67\"\u003e\u003ccode\u003eb5af94f\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/16ad9776a801d0c47f0a05f007b88a3789aa8ab6\"\u003e\u003ccode\u003e16ad977\u003c/code\u003e\u003c/a\u003e build(deps): bump undici from 6.23.0 to 6.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/d7a12d7df895b33bd02a9b4bf62a12f2b9a24458\"\u003e\u003ccode\u003ed7a12d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/495\"\u003e#495\u003c/a\u003e from docker/dependabot/npm_and_yarn/glob-10.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28ff27de4eed7518d361591f2cd1dfb69c34a7cb\"\u003e\u003ccode\u003e28ff27d\u003c/code\u003e\u003c/a\u003e build(deps): bump glob from 10.3.12 to 13.0.6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/daf436b50e13d9053b9730cbc16516891878b019\"\u003e\u003ccode\u003edaf436b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/496\"\u003e#496\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-5...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/9725348367859764880f2f2e688a6b0c353e3f35\"\u003e\u003ccode\u003e9725348\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.7.0 to 4.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/976\"\u003edocker/login-action#976\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1050.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/960\"\u003edocker/login-action#960\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/970\"\u003edocker/login-action#970\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.1 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/993\"\u003edocker/login-action#993\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/985\"\u003edocker/login-action#985\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.6 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/963\"\u003edocker/login-action#963\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 9.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/961\"\u003edocker/login-action#961\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/979\"\u003edocker/login-action#979\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/991\"\u003edocker/login-action#991\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.3 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/986\"\u003edocker/login-action#986\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.1.0...v4.2.0\"\u003ehttps://github.com/docker/login-action/compare/v4.1.0...v4.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003e\u003ccode\u003e650006c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/960\"\u003e#960\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/99df1a3f6d65e48177ea57671a50e2242eae4b63\"\u003e\u003ccode\u003e99df1a3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3ab375f324f46da5f6901efeda4be4e2566ebaa2\"\u003e\u003ccode\u003e3ab375f\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/39d85804ae465a1816c68ff58158ec66883981b4\"\u003e\u003ccode\u003e39d8580\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/970\"\u003e#970\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4eefcd33ca7213989697445a78b6730274bfaba6\"\u003e\u003ccode\u003e4eefcd3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/56d092c8b3f04006c22f4fc20a2b3d2442caed56\"\u003e\u003ccode\u003e56d092c\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.86.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/e2e31ca87063ae00fd41ad3b9c548dd8ec24c5ff\"\u003e\u003ccode\u003ee2e31ca\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/976\"\u003e#976\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/0bced941e843afc786fbfd58b1c6c13ca11e09c9\"\u003e\u003ccode\u003e0bced94\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/3e75a0f266b07e09777a621d0ca5f4432ef9f10c\"\u003e\u003ccode\u003e3e75a0f\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/365bebd9d646160567ebad47824f026e09ee6970\"\u003e\u003ccode\u003e365bebd\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/984\"\u003e#984\u003c/a\u003e from docker/dependabot/github_actions/aws-actions/con...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...650006c6eb7dba73a995cc03b0b2d7f5ca915bee\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 6.19.2 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGit context \u003ca href=\"https://docs.docker.com/build/concepts/context/#url-queries\"\u003equery format\u003c/a\u003e support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.87.0 by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1500\"\u003edocker/build-push-action#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.5.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1489\"\u003edocker/build-push-action#1489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1491\"\u003edocker/build-push-action#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1490\"\u003edocker/build-push-action#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1497\"\u003edocker/build-push-action#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1510\"\u003edocker/build-push-action#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1496\"\u003edocker/build-push-action#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1486\"\u003edocker/build-push-action#1486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1509\"\u003edocker/build-push-action#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1470\"\u003edocker/build-push-action#1470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated \u003ccode\u003eDOCKER_BUILD_NO_SUMMARY\u003c/code\u003e and \u003ccode\u003eDOCKER_BUILD_EXPORT_RETENTION_DAYS\u003c/code\u003e envs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1473\"\u003edocker/build-push-action#1473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove legacy export-build tool support for build summary by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1474\"\u003edocker/build-push-action#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1466\"\u003edocker/build-push-action#1466\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1454\"\u003edocker/build-push-action#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1453\"\u003edocker/build-push-action#1453\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1472\"\u003edocker/build-push-action#1472\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1479\"\u003edocker/build-push-action#1479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1463\"\u003edocker/build-push-action#1463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\"\u003ehttps://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 2.4.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate RELEASE.md docs by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/836\"\u003eactions/attest-build-provenance#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/attest\u003c/code\u003e from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/838\"\u003eactions/attest-build-provenance#838\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.0.0 to 3.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/362\"\u003eactions/attest#362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.1.0 to 3.2.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/365\"\u003eactions/attest#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new \u003ccode\u003esubject-version\u003c/code\u003e input for inclusion in storage record by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/364\"\u003eactions/attest#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd storage record content to README by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/366\"\u003eactions/attest#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v3 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/697\"\u003eactions/attest-build-provenance#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/749\"\u003eactions/attest-build-provenance#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 7.5.1 to 7.5.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/753\"\u003eactions/attest-build-provenance#753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/754\"\u003eactions/attest-build-provenance#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.1 to 25.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/774\"\u003eactions/attest-build-provenance#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 1.6.0 to 2.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/736\"\u003eactions/attest-build-provenance#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 2.0.0 to 2.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/775\"\u003eactions/attest-build-provenance#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for creating artifact metadata storage records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/7c757df4145fcd233331998e58b20b422c833a00\"\u003e\u003ccode\u003e7c757df\u003c/code\u003e\u003c/a\u003e Bump the npm-development group with 2 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/825\"\u003e#825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c44148e5bf178192efd8947e07a0d439a356c60b\"\u003e\u003ccode\u003ec44148e\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/818\"\u003e#818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/32343527f2ec94583cf7b31280de0f60dc9f0bf9\"\u003e\u003ccode\u003e3234352\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.10 to 25.2.0 in the npm-development group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/819\"\u003e#819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/18db12979d4cecda10c1cf295bcb159f3e59866d\"\u003e\u003ccode\u003e18db129\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.6 to 7.5.7 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/816\"\u003e#816\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/90fadfae6ba2e2ef59f8d38e61ec3cf16443a18e\"\u003e\u003ccode\u003e90fadfa\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 2.0.1 to 2.0.2 in the npm-production group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/799\"\u003e#799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/57db8ba356515a4c8608990f2aa27a6972235ccc\"\u003e\u003ccode\u003e57db8ba\u003c/code\u003e\u003c/a\u003e Bump the npm-development group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/808\"\u003e#808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 3.7.0 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update default cosign-release to v3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/223\"\u003esigstore/cosign-installer#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWe recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing \u003ccode\u003ewith: cosign-release\u003c/code\u003e and strongly discourage using \u003ccode\u003ecosign-release\u003c/code\u003e unless you have a specific reason to use an older version of Cosign.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/220\"\u003esigstore/cosign-installer#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add retry to curl downloads for transient network failures in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/210\"\u003esigstore/cosign-installer#210\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e You must upgrade to cosign-installer v4 if you want to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3+\u003c/a\u003e. You may still install Cosign v2.x with cosign-installer v4.\u003c/p\u003e\n\u003cp\u003eIn version v3+, using \u003ccode\u003ecosign sign-blob\u003c/code\u003e requires adding the \u003ccode\u003e--bundle\u003c/code\u003e flag which may require you to update your signing command.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Cosign v3 releases (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e cosign-installer v3.x cannot be used to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3.x\u003c/a\u003e. You must upgrade to cosign-installer v4 in order to use Cosign v3.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.1 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/200\"\u003esigstore/cosign-installer#200\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.9.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003enot fail fast and setup permissions in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/195\"\u003esigstore/cosign-installer#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edrop old unsupported versions \u0026lt;v2.0.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/192\"\u003esigstore/cosign-installer#192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default to v2.5.3 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/196\"\u003esigstore/cosign-installer#196\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003\"\u003e\u003ccode\u003ecad07c2\u003c/code\u003e\u003c/a\u003e chore: update default cosign-release to v3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/223\"\u003e#223\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22\"\u003e\u003ccode\u003eba7bc0a\u003c/code\u003e\u003c/a\u003e fix: add retry to curl downloads for transient network failures (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/5a292e1504fdf08d68831aa1d265e92aee5701f9\"\u003e\u003ccode\u003e5a292e1\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/220\"\u003e#220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/351ea76151ae2dbbf52374c9dd639f4981de944f\"\u003e\u003ccode\u003e351ea76\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/217\"\u003e#217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/c17565ff322a3403de48978f18d9ee0cfa7c2cd5\"\u003e\u003ccode\u003ec17565f\u003c/code\u003e\u003c/a\u003e test with go 1.26 too (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/a6fdd19182ff7fb86ae39a9329ba29eb602cbabb\"\u003e\u003ccode\u003ea6fdd19\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.1.0 to 6.3.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/430b6a704fe0c92f1b1261d84376a900f38d90ff\"\u003e\u003ccode\u003e430b6a7\u003c/code\u003e\u003c/a\u003e docs: fix registry from gcr.io to ghcr.io (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v7 now runs on Node.js 24 (\u003cc...\n\n_Description has been truncated_","html_url":"https://github.com/leduytuanvu/avf-vending-api/pull/285","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leduytuanvu%2Favf-vending-api/issues/285","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/285/packages"}},{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T20:20:23.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4505392551","node_id":"PR_kwDORIqe7M7efBIQ","number":8,"state":"closed","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T20:21:48.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T20:20:23.000Z","updated_at":"2026-05-23T02:20:26.000Z","time_to_close":85,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-m...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/universal-extension-format/pull/8","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Funiversal-extension-format/issues/8","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/8/packages"}},{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T19:46:25.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4505226487","node_id":"PR_kwDORLRLq87eeexz","number":26,"state":"closed","title":"build(deps): bump the actions group with 12 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-22T20:00:27.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T19:46:25.000Z","updated_at":"2026-05-23T00:51:45.000Z","time_to_close":842,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"build(deps): bump","group_name":"actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 12 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifac...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/social-media-tools/pull/26","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fsocial-media-tools/issues/26","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/26/packages"}},{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T19:46:06.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4505224990","node_id":"PR_kwDORsoNyM7eeed3","number":11,"state":"closed","title":"chore(deps): bump the actions group with 12 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-22T20:00:59.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-22T19:46:06.000Z","updated_at":"2026-05-23T00:57:32.000Z","time_to_close":893,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.36.0","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"ruby/setup-ruby","old_version":"1.283.0","new_version":"1.310.0","repository_url":"https://github.com/ruby/setup-ruby"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 12 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.36.0` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.283.0` | `1.310.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.3.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.36.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.36.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.36.0 - 22 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.5\"\u003e2.25.5\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3926\"\u003e#3926\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003e\u003ccode\u003e7211b7c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3927\"\u003e#3927\u003c/a\u003e from github/update-v4.36.0-ebc2d9e2b\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7740f2fb21add1d46278215acea47540db22f022\"\u003e\u003ccode\u003e7740f2f\u003c/code\u003e\u003c/a\u003e Update changelog for v4.36.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ebc2d9e2bc247eec51bee8d4df806c4030eb0761\"\u003e\u003ccode\u003eebc2d9e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3926\"\u003e#3926\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d1f74b777c95c777bf4f42ce4b250bc916e745c7\"\u003e\u003ccode\u003ed1f74b7\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2dc40cec39bdc63d3561d74fa6100cebb0418ff4\"\u003e\u003ccode\u003e2dc40ce\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/84498526a009a99c875e83ef4821a8ba52de7c22\"\u003e\u003ccode\u003e8449852\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3910\"\u003e#3910\u003c/a\u003e from github/henrymercer/repo-size-diff-check\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/72ac23c6d16b29fbe801e87e3439941558c53094\"\u003e\u003ccode\u003e72ac23c\u003c/code\u003e\u003c/a\u003e Update excluded required check list\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/c5297a28a2c3e6a8062041b58858bd7117cebe37\"\u003e\u003ccode\u003ec5297a2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3919\"\u003e#3919\u003c/a\u003e from github/henrymercer/workflow-concurrency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8ffeae7d05bc1b914a009d197e64e4f5c9e14503\"\u003e\u003ccode\u003e8ffeae7\u003c/code\u003e\u003c/a\u003e CI: Automatically cancel non-generated workflows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/f3f52bf568dc44a1069faafa538caa6b1fec40c9\"\u003e\u003ccode\u003ef3f52bf\u003c/code\u003e\u003c/a\u003e Revert \u003ccode\u003egetErrorMessage\u003c/code\u003e import\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...7211b7c8077ea37d8641b6271f6a365a22a5fbfa\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/703\"\u003edependabot/fetch-metadata#703\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/701\"\u003edependabot/fetch-metadata#701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/702\"\u003edependabot/fetch-metadata#702\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.12 to 4.12.14 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/705\"\u003edependabot/fetch-metadata#705\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev3.1.0 by \u003ca href=\"https://github.com/fetch-metadata-action-automation\"\u003e\u003ccode\u003e@​fetch-metadata-action-automation\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/692\"\u003edependabot/fetch-metadata#692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\"\u003ehttps://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003eThe breaking change is requiring Node.js version v24 as the Actions runtime.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat: Parse versions from metadata links by \u003ca href=\"https://github.com/ppkarwasz\"\u003e\u003ccode\u003e@​ppkarwasz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/632\"\u003edependabot/fetch-metadata#632\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade actions core and actions github packages by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/649\"\u003edependabot/fetch-metadata#649\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Add notes for using \u003ccode\u003ealert-lookup\u003c/code\u003e with App Token by \u003ca href=\"https://github.com/sue445\"\u003e\u003ccode\u003e@​sue445\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/656\"\u003edependabot/fetch-metadata#656\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: update Node.js version to v24 by \u003ca href=\"https://github.com/sturman\"\u003e\u003ccode\u003e@​sturman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/671\"\u003edependabot/fetch-metadata#671\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch build tooling from ncc to esbuild by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/676\"\u003edependabot/fetch-metadata#676\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd --legal-comments=none to esbuild build commands by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/679\"\u003edependabot/fetch-metadata#679\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tsconfig target from es2022 to es2024 by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/680\"\u003edependabot/fetch-metadata#680\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove vestigial outDir from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/681\"\u003edependabot/fetch-metadata#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch tsconfig module resolution to bundler by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/682\"\u003edependabot/fetch-metadata#682\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove skipLibCheck from tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/683\"\u003edependabot/fetch-metadata#683\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd typecheck step to CI by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/685\"\u003edependabot/fetch-metadata#685\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eEnable noImplicitAny in tsconfig.json by \u003ca href=\"https://github.com/jeffwidman\"\u003e\u003ccode\u003e@​jeffwidman\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/684\"\u003edependabot/fetch-metadata#684\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/core\u003c/code\u003e to ^3.0.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/677\"\u003edependabot/fetch-metadata#677\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade \u003ccode\u003e@​actions/github\u003c/code\u003e to ^9.0.0 and \u003ccode\u003e@​octokit/request-error\u003c/code\u003e to ^7.1.0 by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/678\"\u003edependabot/fetch-metadata#678\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.0 to 6.14.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/651\"\u003edependabot/fetch-metadata#651\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.1 to 4.11.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/652\"\u003edependabot/fetch-metadata#652\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.4 to 4.11.7 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/653\"\u003edependabot/fetch-metadata#653\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.11.7 to 4.12.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/657\"\u003edependabot/fetch-metadata#657\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump qs from 6.14.1 to 6.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/655\"\u003edependabot/fetch-metadata#655\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​modelcontextprotocol/sdk\u003c/code\u003e from 1.25.1 to 1.26.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/654\"\u003edependabot/fetch-metadata#654\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.9 to 1.19.10 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/665\"\u003edependabot/fetch-metadata#665\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump hono from 4.12.2 to 4.12.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/664\"\u003edependabot/fetch-metadata#664\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/25dd0e34f4fe68f24cc83900b1fe3fe149efef98\"\u003e\u003ccode\u003e25dd0e3\u003c/code\u003e\u003c/a\u003e v3.1.0 (\u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/692\"\u003e#692\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/e073f50d732cb48d48fb80afedb4fa61361626e9\"\u003e\u003ccode\u003ee073f50\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/705\"\u003e#705\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/hono-4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/0670e167df1fbee1b0d07121de6a182ddebdd674\"\u003e\u003ccode\u003e0670e16\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump hono from 4.12.12 to 4.12.14\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/7a7fe10a42310e65df80af6c771e9aa5d59842d1\"\u003e\u003ccode\u003e7a7fe10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/702\"\u003e#702\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/dependencies-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/5168191cea3d4daa635bff6c796b4f0faeba522d\"\u003e\u003ccode\u003e5168191\u003c/code\u003e\u003c/a\u003e Updating dist build\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/23882e175b2f16bc495c89aa50940399c6a17504\"\u003e\u003ccode\u003e23882e1\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​actions/github\u003c/code\u003e in the dependencies group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/1072469591c13fda1d8dba1d1ac2e80187e247d7\"\u003e\u003ccode\u003e1072469\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/701\"\u003e#701\u003c/a\u003e from dependabot/dependabot/github_actions/actions/cre...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/43f8a0055c8e32587be67e097dff89a6823c9752\"\u003e\u003ccode\u003e43f8a00\u003c/code\u003e\u003c/a\u003e build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/b4d904a50935c8ebe744da148ea8a18a43fe72e1\"\u003e\u003ccode\u003eb4d904a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/issues/703\"\u003e#703\u003c/a\u003e from dependabot/dependabot/npm_and_yarn/globals-17.5.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/dependabot/fetch-metadata/commit/c8046bb877d9989cc848797de1b944bc3e93ef82\"\u003e\u003ccode\u003ec8046bb\u003c/code\u003e\u003c/a\u003e build(deps-dev): bump globals from 17.4.0 to 17.5.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/dependabot/fetch-metadata/compare/dbb049abf0d677abbd7f7eee0375145b417fdd34...25dd0e34f4fe68f24cc83900b1fe3fe149efef98\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/github-script` from 8.0.0 to 9.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/github-script/releases\"\u003eactions/github-script's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev9.0.0\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNew features:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003egetOctokit\u003c/code\u003e factory function\u003c/strong\u003e — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See \u003ca href=\"https://github.com/actions/github-script#creating-additional-clients-with-getoctokit\"\u003eCreating additional clients with \u003ccode\u003egetOctokit\u003c/code\u003e\u003c/a\u003e for details and examples.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eOrchestration ID in user-agent\u003c/strong\u003e — The \u003ccode\u003eACTIONS_ORCHESTRATION_ID\u003c/code\u003e environment variable is automatically appended to the user-agent string for request tracing.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eBreaking changes:\u003c/strong\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ccode\u003erequire('@actions/github')\u003c/code\u003e no longer works in scripts.\u003c/strong\u003e The upgrade to \u003ccode\u003e@actions/github\u003c/code\u003e v9 (ESM-only) means \u003ccode\u003erequire('@actions/github')\u003c/code\u003e will fail at runtime. If you previously used patterns like \u003ccode\u003econst { getOctokit } = require('@actions/github')\u003c/code\u003e to create secondary clients, use the new injected \u003ccode\u003egetOctokit\u003c/code\u003e function instead — it's available directly in the script context with no imports needed.\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003egetOctokit\u003c/code\u003e is now an injected function parameter. Scripts that declare \u003ccode\u003econst getOctokit = ...\u003c/code\u003e or \u003ccode\u003elet getOctokit = ...\u003c/code\u003e will get a \u003ccode\u003eSyntaxError\u003c/code\u003e because JavaScript does not allow \u003ccode\u003econst\u003c/code\u003e/\u003ccode\u003elet\u003c/code\u003e redeclaration of function parameters. Use the injected \u003ccode\u003egetOctokit\u003c/code\u003e directly, or use \u003ccode\u003evar getOctokit = ...\u003c/code\u003e if you need to redeclare it.\u003c/li\u003e\n\u003cli\u003eIf your script accesses other \u003ccode\u003e@actions/github\u003c/code\u003e internals beyond the standard \u003ccode\u003egithub\u003c/code\u003e/\u003ccode\u003eoctokit\u003c/code\u003e client, you may need to update those references for v9 compatibility.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd ACTIONS_ORCHESTRATION_ID to user-agent string by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci: use deployment: false for integration test environments by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/712\"\u003eactions/github-script#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat!: add getOctokit to script context, upgrade \u003ccode\u003e@​actions/github\u003c/code\u003e v9, \u003ccode\u003e@​octokit/core\u003c/code\u003e v7, and related packages by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/700\"\u003eactions/github-script#700\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/github-script/pull/695\"\u003eactions/github-script#695\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/github-script/compare/v8.0.0...v9.0.0\"\u003ehttps://github.com/actions/github-script/compare/v8.0.0...v9.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003e\u003ccode\u003e3a2844b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/700\"\u003e#700\u003c/a\u003e from actions/salmanmkc/expose-getoctokit + prepare re...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ca10bbdd1a7739de09e99a200c7a59f5d73a4079\"\u003e\u003ccode\u003eca10bbd\u003c/code\u003e\u003c/a\u003e fix: use \u003ccode\u003e@​octokit/core/\u003c/code\u003etypes import for v7 compatibility\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/86e48e20ac85c970ed1f96e718fd068173948b7b\"\u003e\u003ccode\u003e86e48e2\u003c/code\u003e\u003c/a\u003e merge: incorporate main branch changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c1084728b5b935ec4ddc1e4cee877b01797b3ff9\"\u003e\u003ccode\u003ec108472\u003c/code\u003e\u003c/a\u003e chore: rebuild dist for v9 upgrade and getOctokit factory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/afff112e4f8b57c718168af75b89ce00bc8d091d\"\u003e\u003ccode\u003eafff112\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/github-script/issues/712\"\u003e#712\u003c/a\u003e from actions/salmanmkc/deployment-false + fix user-ag...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/ff8117e5b78c415f814f39ad6998f424fee7b817\"\u003e\u003ccode\u003eff8117e\u003c/code\u003e\u003c/a\u003e ci: fix user-agent test to handle orchestration ID\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/81c6b7876079abe10ff715951c9fc7b3e1ab389d\"\u003e\u003ccode\u003e81c6b78\u003c/code\u003e\u003c/a\u003e ci: use deployment: false to suppress deployment noise from integration tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/3953caf8858d318f37b6cc53a9f5708859b5a7b7\"\u003e\u003ccode\u003e3953caf\u003c/code\u003e\u003c/a\u003e docs: update README examples from \u003ca href=\"https://github.com/v8\"\u003e\u003ccode\u003e@​v8\u003c/code\u003e\u003c/a\u003e to \u003ca href=\"https://github.com/v9\"\u003e\u003ccode\u003e@​v9\u003c/code\u003e\u003c/a\u003e, add getOctokit docs and v9 brea...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/c17d55b90dcdb3d554d0027a6c180a7adc2daf78\"\u003e\u003ccode\u003ec17d55b\u003c/code\u003e\u003c/a\u003e ci: add getOctokit integration test job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/github-script/commit/a047196d9a02fe92098771cafbb98c2f1814e408\"\u003e\u003ccode\u003ea047196\u003c/code\u003e\u003c/a\u003e test: add getOctokit integration tests via callAsyncFunction\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/github-script/compare/ed597411d8f924073f98dfc5c65a23a2325f34cd...3a2844b7e9c422d3c10d287c895573f7108da1b3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca hr...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/tangle/pull/11","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Ftangle/issues/11","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/11/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T01:12:01.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4498975781","node_id":"PR_kwDOQvICas7eKOkH","number":16,"state":"open","title":"chore(deps): bump the actions group with 14 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T01:12:01.000Z","updated_at":"2026-05-22T01:14:55.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":14,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"peter-evans/repository-dispatch","old_version":"3.0.0","new_version":"4.0.1","repository_url":"https://github.com/peter-evans/repository-dispatch"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"56f84321dbccf38fb67ce29ab63e4754056677e0","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 14 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `56f84321dbccf38fb67ce29ab63e4754056677e0` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/snapcreate/pull/16","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fsnapcreate/issues/16","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/16/packages"}},{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-22T00:26:32.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4498801009","node_id":"PR_kwDORO5LCs7eJr-S","number":14,"state":"open","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-22T00:26:32.000Z","updated_at":"2026-05-22T01:11:24.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.3.0","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"dtolnay/rust-toolchain","old_version":"f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561","new_version":"3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9","repository_url":"https://github.com/dtolnay/rust-toolchain"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [dtolnay/rust-toolchain](https://github.com/dtolnay/rust-toolchain) | `f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561` | `3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.3.0 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eBreaking change\u003c/em\u003e: Bump the minimum required CodeQL bundle version to 2.19.4. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3894\"\u003e#3894\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003e\u003ccode\u003e9e0d7b8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3905\"\u003e#3905\u003c/a\u003e from github/update-v4.35.5-d4b485515\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6d7d59927c0c7336c1d1247c7e159e79edbf7684\"\u003e\u003ccode\u003e6d7d599\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/51f7e38c69d3cd7966375fe0ffff19669f22bd14\"\u003e\u003ccode\u003e51f7e38\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/d4b485515e8531d7071a39d526213eb5b2e74a11\"\u003e\u003ccode\u003ed4b4855\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3899\"\u003e#3899\u003c/a\u003e from github/mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/127de8117f134e8809c127d53e940b3ffc1db8e9\"\u003e\u003ccode\u003e127de81\u003c/code\u003e\u003c/a\u003e Merge remote-tracking branch 'origin/main' into mbg/esbuild/split\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7fde13f26ad3f7008e8fe6755cb997b54f7a2f3b\"\u003e\u003ccode\u003e7fde13f\u003c/code\u003e\u003c/a\u003e Use src + basename in header to avoid issues on Windows\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/dfa61e7305ed28b74dcc2c68bd665b36751ad933\"\u003e\u003ccode\u003edfa61e7\u003c/code\u003e\u003c/a\u003e Improve pattern matching and error handling\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/52aafec07347933a26e670390c3f894c5c05e64a\"\u003e\u003ccode\u003e52aafec\u003c/code\u003e\u003c/a\u003e Import and call \u003ccode\u003erunWrapper\u003c/code\u003e normally in \u003ccode\u003eanalyze\u003c/code\u003e tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0d08c01f7874da2f932e4d4e4d42b1c43be88111\"\u003e\u003ccode\u003e0d08c01\u003c/code\u003e\u003c/a\u003e Auto-generate shared bundle\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/14085a675cb6d8cddc805b946cc1d51e3232a204\"\u003e\u003ccode\u003e14085a6\u003c/code\u003e\u003c/a\u003e Auto-generate entry points\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/v4.32.6...9e0d7b8d25671d64c341c19c0152d693099fb5ba\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `dependabot/fetch-metadata` from 2.2.0 to 3.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/dependabot/fetch-metadata/releases\"\u003edependabot/fetch-metadata's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd permissions to all workflows by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/687\"\u003edependabot/fetch-metadata#687\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 16.0.0 to 17.4.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/690\"\u003edependabot/fetch-metadata#690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/693\"\u003edependabot/fetch-metadata#693\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump \u003ccode\u003e@​hono/node-server\u003c/code\u003e from 1.19.10 to 1.19.13 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/694\"\u003edependabot/fetch-metadata#694\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump hono from 4.12.7 to 4.12.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/695\"\u003edependabot/fetch-metadata#695\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDynamically update the tracking tag in action by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/696\"\u003edependabot/fetch-metadata#696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: handle duplicate dependency names in parseMetadataLinks by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/700\"\u003edependabot/fetch-metadata#700\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: remove $ anchor from updateFragment regex to handle pip directory suffixes by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/698\"\u003edependabot/fetch-metadata#698\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates to README for permissions clarification by \u003ca href=\"https://github.com/truggeri\"\u003e\u003ccode\u003e@​truggeri\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/697\"\u003edependabot/fetch-metadata#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: resolve update-type null for Python, Composer, and Terraform PRs by \u003ca href=\"https://github.com/vitorsdcs\"\u003e\u003ccode\u003e@​vitorsdcs\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/dependabot/fetch-metadata/pull/704\"\u003edependabot/fetch-metadata#704\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebuild(deps-dev): bump globals from 17.4.0 to 17.5.0 by \u003ca href=\"https://github.com/...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/squisher-corpus/pull/14","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fsquisher-corpus/issues/14","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/14/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-18T12:40:23.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4469171413","node_id":"PR_kwDOQ0Eyfs7cpsv6","number":9,"state":"open","title":"chore(deps): bump the actions group with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-18T12:40:23.000Z","updated_at":"2026-05-19T05:02:38.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"actions","update_count":13,"packages":[{"name":"actions/checkout","old_version":"4.1.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"haskell-actions/setup","old_version":"2.7.5","new_version":"2.11.0","repository_url":"https://github.com/haskell-actions/setup"},{"name":"actions/cache","old_version":"4.0.2","new_version":"5.0.5","repository_url":"https://github.com/actions/cache"},{"name":"actions/configure-pages","old_version":"5.0.0","new_version":"6.0.0","repository_url":"https://github.com/actions/configure-pages"},{"name":"actions/upload-pages-artifact","old_version":"3.0.1","new_version":"5.0.0","repository_url":"https://github.com/actions/upload-pages-artifact"},{"name":"actions/deploy-pages","old_version":"4.0.5","new_version":"5.0.0","repository_url":"https://github.com/actions/deploy-pages"},{"name":"erlef/setup-beam","old_version":"1.18.2","new_version":"1.24.0","repository_url":"https://github.com/erlef/setup-beam"},{"name":"github/codeql-action","old_version":"4.32.6","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"dependabot/fetch-metadata","old_version":"2.2.0","new_version":"3.1.0","repository_url":"https://github.com/dependabot/fetch-metadata"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/github-script","old_version":"8.0.0","new_version":"9.0.0","repository_url":"https://github.com/actions/github-script"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"trufflesecurity/trufflehog","old_version":"3.93.8","new_version":"3.95.3","repository_url":"https://github.com/trufflesecurity/trufflehog"}],"path":null,"ecosystem":"actions"},"body":"Bumps the actions group with 13 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `6.0.2` |\n| [haskell-actions/setup](https://github.com/haskell-actions/setup) | `2.7.5` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.0.2` | `5.0.5` |\n| [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` |\n| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `3.0.1` | `5.0.0` |\n| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` |\n| [erlef/setup-beam](https://github.com/erlef/setup-beam) | `1.18.2` | `1.24.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.6` | `4.35.5` |\n| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.2.0` | `3.1.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [trufflesecurity/trufflehog](https://github.com/trufflesecurity/trufflehog) | `3.93.8` | `3.95.3` |\n\nUpdates `actions/checkout` from 4.1.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/v4.1.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `haskell-actions/setup` from 2.7.5 to 2.11.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/haskell-actions/setup/releases\"\u003ehaskell-actions/setup's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.11.0\u003c/h2\u003e\n\u003cp\u003eGHC: try ghcup first, choco only as fallback\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump softprops/action-gh-release from 2 to 3 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/143\"\u003ehaskell-actions/setup#143\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eGHC: try ghcup first, choco only as fallback by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/144\"\u003ehaskell-actions/setup#144\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.11.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.4\u003c/h2\u003e\n\u003cp\u003eAdd GHC 9.12.4 and Stack 3.9.3\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd GHC 9.12.4 and Stack 3.9.3 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/142\"\u003ehaskell-actions/setup#142\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.3...v2.10.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.3\u003c/h2\u003e\n\u003cp\u003eAdd Stack 3.9.1\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Stack 3.9.1 by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/138\"\u003ehaskell-actions/setup#138\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.2...v2.10.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.10.2\u003c/h2\u003e\n\u003cp\u003eRemove GHCup vanilla channel from defaults\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eRemove GHCup vanilla channel from defaults by \u003ca href=\"https://github.com/andreasabel\"\u003e\u003ccode\u003e@​andreasabel\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/haskell-actions/setup/pull/137\"\u003ehaskell-actions/setup#137\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\"\u003ehttps://github.com/haskell-actions/setup/compare/v2.10.1...v2.10.2\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003e\u003ccode\u003ecd0d9bd\u003c/code\u003e\u003c/a\u003e GHC: try ghcup first, choco only as fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/4568e6457136c6847fb753cd5ae28b2ba3b42798\"\u003e\u003ccode\u003e4568e64\u003c/code\u003e\u003c/a\u003e Bump softprops/action-gh-release from 2 to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/de26526e12bc780fb9d384c1fb61c0bf02e3a40d\"\u003e\u003ccode\u003ede26526\u003c/code\u003e\u003c/a\u003e Add GHC 9.12.4 and Stack 3.9.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/f9150cb1d140e9a9271700670baa38991e6fa25c\"\u003e\u003ccode\u003ef9150cb\u003c/code\u003e\u003c/a\u003e Add Stack 3.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/dc63c94789664bb2910876ec3dfeeaa24d23b96b\"\u003e\u003ccode\u003edc63c94\u003c/code\u003e\u003c/a\u003e Remove GHCup vanilla channel from defaults\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/7786314267139caaaf743fbdb70341b116a8d25d\"\u003e\u003ccode\u003e7786314\u003c/code\u003e\u003c/a\u003e await addGhcupReleaseChannel\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/57571745c639e06be44b0a6a5874b874eb8ba392\"\u003e\u003ccode\u003e5757174\u003c/code\u003e\u003c/a\u003e Move all ghcup-add-channel commands into same group\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/ca45ec3f5855d88df81d141f6bbe87cf96aa7ede\"\u003e\u003ccode\u003eca45ec3\u003c/code\u003e\u003c/a\u003e Remove broken GHC 9.12.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/eb29c237a18b47554a426cb75d69844f689dc049\"\u003e\u003ccode\u003eeb29c23\u003c/code\u003e\u003c/a\u003e Use GHCup vanilla and prereleases channels by default\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haskell-actions/setup/commit/243ff44acce6b550747dcb4b9fa8a960b76e3fb0\"\u003e\u003ccode\u003e243ff44\u003c/code\u003e\u003c/a\u003e Add GHCs 9.14.1 and 9.12.3 and Cabal 3.16.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/haskell-actions/setup/compare/ec49483bfc012387b227434aba94f59a6ecd0900...cd0d9bdd65b20557f41bea4dbe43d0b5fbbfe553\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/cache` from 4.0.2 to 5.0.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/releases\"\u003eactions/cache's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.5\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate ts-http-runtime dependency by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1747\"\u003eactions/cache#1747\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.5\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.5\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.4\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd release instructions and update maintainer docs by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1696\"\u003eactions/cache#1696\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePotential fix for code scanning alert no. 52: Workflow does not contain permissions by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1697\"\u003eactions/cache#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix workflow permissions and cleanup workflow names / formatting by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1699\"\u003eactions/cache#1699\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Update examples to use the latest version by \u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix proxy integration tests by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1701\"\u003eactions/cache#1701\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix cache key in examples.md for bun.lock by \u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate dependencies \u0026amp; patch security vulnerabilities by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1738\"\u003eactions/cache#1738\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/XZTDean\"\u003e\u003ccode\u003e@​XZTDean\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1690\"\u003eactions/cache#1690\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/RyPeck\"\u003e\u003ccode\u003e@​RyPeck\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/cache/pull/1722\"\u003eactions/cache#1722\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.4\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.4\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.3\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/cache/compare/v5...v5.0.3\"\u003ehttps://github.com/actions/cache/compare/v5...v5.0.3\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev.5.0.2\u003c/h2\u003e\n\u003ch1\u003ev5.0.2\u003c/h1\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWhen creating cache entries, 429s returned from the cache service will not be retried.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003cstrong\u003e\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003eIf you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003chr /\u003e\n\u003ch1\u003ev5.0.1\u003c/h1\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003eactions/cache's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eReleases\u003c/h1\u003e\n\u003ch2\u003eHow to prepare a release\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\u003cbr /\u003e\nRelevant for maintainers with write access only.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003col\u003e\n\u003cli\u003eSwitch to a new branch from \u003ccode\u003emain\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm test\u003c/code\u003e to ensure all tests are passing.\u003c/li\u003e\n\u003cli\u003eUpdate the version in \u003ca href=\"https://github.com/actions/cache/blob/main/package.json\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/package.json\u003c/code\u003e\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003enpm run build\u003c/code\u003e to update the compiled files.\u003c/li\u003e\n\u003cli\u003eUpdate this \u003ca href=\"https://github.com/actions/cache/blob/main/RELEASES.md\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/RELEASES.md\u003c/code\u003e\u003c/a\u003e with the new version and changes in the \u003ccode\u003e## Changelog\u003c/code\u003e section.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed cache\u003c/code\u003e to update the license report.\u003c/li\u003e\n\u003cli\u003eRun \u003ccode\u003elicensed status\u003c/code\u003e and resolve any warnings by updating the \u003ca href=\"https://github.com/actions/cache/blob/main/.licensed.yml\"\u003e\u003ccode\u003ehttps://github.com/actions/cache/blob/main/.licensed.yml\u003c/code\u003e\u003c/a\u003e file with the exceptions.\u003c/li\u003e\n\u003cli\u003eCommit your changes and push your branch upstream.\u003c/li\u003e\n\u003cli\u003eOpen a pull request against \u003ccode\u003emain\u003c/code\u003e and get it reviewed and merged.\u003c/li\u003e\n\u003cli\u003eDraft a new release \u003ca href=\"https://github.com/actions/cache/releases\"\u003ehttps://github.com/actions/cache/releases\u003c/a\u003e use the same version number used in \u003ccode\u003epackage.json\u003c/code\u003e\n\u003col\u003e\n\u003cli\u003eCreate a new tag with the version number.\u003c/li\u003e\n\u003cli\u003eAuto generate release notes and update them to match the changes you made in \u003ccode\u003eRELEASES.md\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eToggle the set as the latest release option.\u003c/li\u003e\n\u003cli\u003ePublish the release.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003cli\u003eNavigate to \u003ca href=\"https://github.com/actions/cache/actions/workflows/release-new-action-version.yml\"\u003ehttps://github.com/actions/cache/actions/workflows/release-new-action-version.yml\u003c/a\u003e\n\u003col\u003e\n\u003cli\u003eThere should be a workflow run queued with the same version number.\u003c/li\u003e\n\u003cli\u003eApprove the run to publish the new version and update the major tags for this action.\u003c/li\u003e\n\u003c/ol\u003e\n\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2\u003eChangelog\u003c/h2\u003e\n\u003ch3\u003e5.0.4\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003eminimatch\u003c/code\u003e to v3.1.5 (fixes ReDoS via globstar patterns)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eundici\u003c/code\u003e to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003efast-xml-parser\u003c/code\u003e to v5.5.6\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.3\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.5 (Resolves: \u003ca href=\"https://github.com/actions/cache/security/dependabot/33\"\u003ehttps://github.com/actions/cache/security/dependabot/33\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/core\u003c/code\u003e to v2.0.3\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.2\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/cache\u003c/code\u003e to v5.0.3 \u003ca href=\"https://redirect.github.com/actions/cache/pull/1692\"\u003e#1692\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.1\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@azure/storage-blob\u003c/code\u003e to \u003ccode\u003e^12.29.1\u003c/code\u003e via \u003ccode\u003e@actions/cache@5.0.1\u003c/code\u003e \u003ca href=\"https://redirect.github.com/actions/cache/pull/1685\"\u003e#1685\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003e5.0.0\u003c/h3\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\n\u003ccode\u003eactions/cache@v5\u003c/code\u003e runs on the Node.js 24 runtime and requires a minimum Actions Runner version of \u003ccode\u003e2.327.1\u003c/code\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003e\u003ccode\u003e27d5ce7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1747\"\u003e#1747\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/f280785d7b6e1884c7d12b9136eb0f4a1574fcfd\"\u003e\u003ccode\u003ef280785\u003c/code\u003e\u003c/a\u003e licensed changes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/619aeb1606e195be0b36fd0ff68dcf1aff6b65a7\"\u003e\u003ccode\u003e619aeb1\u003c/code\u003e\u003c/a\u003e npm run build generated dist files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/bcf16c2893940a4899761e55c7ac3c1cf88a04f6\"\u003e\u003ccode\u003ebcf16c2\u003c/code\u003e\u003c/a\u003e Update ts-http-runtime to 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/668228422ae6a00e4ad889ee87cd7109ec5666a7\"\u003e\u003ccode\u003e6682284\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1738\"\u003e#1738\u003c/a\u003e from actions/prepare-v5.0.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/e34039626f957d3e3e50843d15c1b20547fc90e2\"\u003e\u003ccode\u003ee340396\u003c/code\u003e\u003c/a\u003e Update RELEASES\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/8a671105293e81530f1af99863cdf94550aba1a6\"\u003e\u003ccode\u003e8a67110\u003c/code\u003e\u003c/a\u003e Add licenses\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/1865903e1b0cb750dda9bc5c58be03424cc62830\"\u003e\u003ccode\u003e1865903\u003c/code\u003e\u003c/a\u003e Update dependencies \u0026amp; patch security vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/565629816435f6c0b50676926c9b05c254113c0c\"\u003e\u003ccode\u003e5656298\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/cache/issues/1722\"\u003e#1722\u003c/a\u003e from RyPeck/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/cache/commit/4e380d19e192ace8e86f23f32ca6fdec98a673c6\"\u003e\u003ccode\u003e4e380d1\u003c/code\u003e\u003c/a\u003e Fix cache key in examples.md for bun.lock\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/cache/compare/v4.0.2...27d5ce7f107fe9357f9df03efb73ab90386fccae\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/configure-pages` from 5.0.0 to 6.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/configure-pages/releases\"\u003eactions/configure-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eupgrade to node 24 \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpgrade IA Publish \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003epin draft release version \u003ca href=\"https://github.com/YiMysty\"\u003e\u003ccode\u003e@​YiMysty\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump espree from 9.6.1 to 10.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-config-prettier from 8.8.0 to 9.1.0 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBe more friendly to Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/158\"\u003e#158\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump eslint-plugin-github from 4.10.2 to 5.0.1 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/156\"\u003e#156\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.4 \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/145\"\u003e#145\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/configure-pages/compare/v5.0.0...v5.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003e\u003ccode\u003e45bfe01\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/186\"\u003e#186\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d8770c2b3b71963902cec525cf516368b4411a78\"\u003e\u003ccode\u003ed8770c2\u003c/code\u003e\u003c/a\u003e Update Node version from 20 to 24 in action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/cb8a1a32801e6cdb7b111ce13761226bba88f67d\"\u003e\u003ccode\u003ecb8a1a3\u003c/code\u003e\u003c/a\u003e upgrade to node 24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/d5606572c479bee637007364c6b4800ac4fc8573\"\u003e\u003ccode\u003ed560657\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/165\"\u003e#165\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/35e0ac4e4038e070ce9da26f41143bc3cf3c7e1d\"\u003e\u003ccode\u003e35e0ac4\u003c/code\u003e\u003c/a\u003e Upgrade IA Publish\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/1dfbcbff6519463927204dc279c2e0d307824ee2\"\u003e\u003ccode\u003e1dfbcbf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/163\"\u003e#163\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/2f4f988792f75a5edcc39df0e1661f78999e0348\"\u003e\u003ccode\u003e2f4f988\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/0d7570ca8762e8c951911e8c9655d8973cc93174\"\u003e\u003ccode\u003e0d7570c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/162\"\u003e#162\u003c/a\u003e from actions/pin-draft-release-verssion\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/3ea19669a5cd11c46d23d6578d088b81fe8527e5\"\u003e\u003ccode\u003e3ea1966\u003c/code\u003e\u003c/a\u003e pin draft release version\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/configure-pages/commit/aabcbc432d6b06d1fd5e8bf3cf756880c35e014d\"\u003e\u003ccode\u003eaabcbc4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/configure-pages/issues/160\"\u003e#160\u003c/a\u003e from actions/dependabot/npm_and_yarn/espree-10.1.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/configure-pages/compare/983d7736d9b0ae728b81ab479565c72886d7745b...45bfe0192ca1faeb007ade9deae92b16b8254a0d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-pages-artifact` from 3.0.1 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-pages-artifact/releases\"\u003eactions/upload-pages-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate upload-artifact action to version 7 \u003ca href=\"https://github.com/Tom-van-Woudenberg\"\u003e\u003ccode\u003e@​Tom-van-Woudenberg\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003efeat: add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input \u003ca href=\"https://github.com/jonchurch\"\u003e\u003ccode\u003e@​jonchurch\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePotentially breaking change: hidden files (specifically dotfiles) will not be included in the artifact by \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/102\"\u003eactions/upload-pages-artifact#102\u003c/a\u003e\nIf you need to include dotfiles in your artifact: instead of using this action, create your own artifact according to these requirements \u003ca href=\"https://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\"\u003ehttps://github.com/actions/upload-pages-artifact?tab=readme-ov-file#artifact-validation\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA by \u003ca href=\"https://github.com/heavymachinery\"\u003e\u003ccode\u003e@​heavymachinery\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/pull/127\"\u003eactions/upload-pages-artifact#127\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\"\u003ehttps://github.com/actions/upload-pages-artifact/compare/v3.0.1...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003e\u003ccode\u003efc324d3\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/139\"\u003e#139\u003c/a\u003e from Tom-van-Woudenberg/patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3\"\u003e\u003ccode\u003efe9d4b7\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980\"\u003e\u003ccode\u003e0ca1617\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/137\"\u003e#137\u003c/a\u003e from jonchurch/include-hidden-files\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b\"\u003e\u003ccode\u003e57f0e84\u003c/code\u003e\u003c/a\u003e Update action.yml\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d\"\u003e\u003ccode\u003e4a90348\u003c/code\u003e\u003c/a\u003e v7 --\u0026gt; hash\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569\"\u003e\u003ccode\u003e56f665a\u003c/code\u003e\u003c/a\u003e Update upload-artifact action to version 7\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414\"\u003e\u003ccode\u003ef7615f5\u003c/code\u003e\u003c/a\u003e Add \u003ccode\u003einclude-hidden-files\u003c/code\u003e input\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/7b1f4a764d45c48632c6b24a0339c27f5614fb0b\"\u003e\u003ccode\u003e7b1f4a7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/127\"\u003e#127\u003c/a\u003e from heavymachinery/pin-sha\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/4cc19c7d3f3e6c87c68366501382a03c8b1ba6db\"\u003e\u003ccode\u003e4cc19c7\u003c/code\u003e\u003c/a\u003e Pin \u003ccode\u003eactions/upload-artifact\u003c/code\u003e to SHA\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-pages-artifact/commit/2d163be3ddce01512f3eea7ac5b7023b5d643ce1\"\u003e\u003ccode\u003e2d163be\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-pages-artifact/issues/107\"\u003e#107\u003c/a\u003e from KittyChiu/main\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-pages-artifact/compare/56afc609e74202658d3ffba0e8f6dda462b719fa...fc324d3547104276b827a68afc52ff2a11cc49c9\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/deploy-pages` from 4.0.5 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/deploy-pages/releases\"\u003eactions/deploy-pages's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Node.js version to 24.x \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdd workflow file for publishing releases to immutable action package \u003ca href=\"https://github.com/Jcambass\"\u003e\u003ccode\u003e@​Jcambass\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eMake the rebuild dist workflow work nicer with Dependabot \u003ca href=\"https://github.com/yoannchaudet\"\u003e\u003ccode\u003e@​yoannchaudet\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group across 1 directory with 3 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eDelete repeated sentence \u003ca href=\"https://github.com/garethsb\"\u003e\u003ccode\u003e@​garethsb\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/359\"\u003e#359\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate README.md \u003ca href=\"https://github.com/tsusdere\"\u003e\u003ccode\u003e@​tsusdere\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/348\"\u003e#348\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eBump the non-breaking-changes group with 4 updates \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/341\"\u003e#341\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eRemove error message for file permissions \u003ca href=\"https://github.com/TooManyBees\"\u003e\u003ccode\u003e@​TooManyBees\u003c/code\u003e\u003c/a\u003e (\u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/340\"\u003e#340\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003chr /\u003e\n\u003cp\u003eSee details of \u003ca href=\"https://github.com/actions/deploy-pages/compare/v4.0.5...v4.0.6\"\u003eall code changes\u003c/a\u003e since previous release.\u003c/p\u003e\n\u003cp\u003e:warning: For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the \u003ca href=\"https://github.com/actions/deploy-pages/#compatibility\"\u003ecompatibility table\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003e\u003ccode\u003ecd2ce8f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/404\"\u003e#404\u003c/a\u003e from salmanmkc/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bbe2a950ee52d4f5cbe74e6d9d6a8803676e91d5\"\u003e\u003ccode\u003ebbe2a95\u003c/code\u003e\u003c/a\u003e Update Node.js version to 24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/854d7aa1b99e4509c4d1b53d69b7ba4eaf39215a\"\u003e\u003ccode\u003e854d7aa\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/374\"\u003e#374\u003c/a\u003e from actions/Jcambass-patch-1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/306bb814f29679fd12f0e4b0014bc1f3a7e7f4bc\"\u003e\u003ccode\u003e306bb81\u003c/code\u003e\u003c/a\u003e Add workflow file for publishing releases to immutable action package\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/b74272834adc04f971da4b0b055c49fa8d7f90c9\"\u003e\u003ccode\u003eb742728\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/360\"\u003e#360\u003c/a\u003e from actions/dependabot/npm_and_yarn/npm_and_yarn-513...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/72732942c639e67ea3f70165fd2e012dd6d95027\"\u003e\u003ccode\u003e7273294\u003c/code\u003e\u003c/a\u003e Bump braces in the npm_and_yarn group across 1 directory\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/963791f01c40ef3eff219c255dbfb97a6f2c9f87\"\u003e\u003ccode\u003e963791f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/361\"\u003e#361\u003c/a\u003e from actions/dependabot-friendly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/51bb29d9d7bfe15d731c4957ce1887b5ae8c6727\"\u003e\u003ccode\u003e51bb29d\u003c/code\u003e\u003c/a\u003e Make the rebuild dist workflow safer for Dependabot\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/89f3d10406f57ee86e6517a982b3fb0438bd6dc5\"\u003e\u003ccode\u003e89f3d10\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/deploy-pages/issues/358\"\u003e#358\u003c/a\u003e from actions/dependabot/npm_and_yarn/non-breaking-cha...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/deploy-pages/commit/bce735589bbbfa569f1d2ac003277b590d743e4c\"\u003e\u003ccode\u003ebce7355\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/deploy-pages/compare/d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e...cd2ce8fcbc39b97be8ca5fce6e763baed58fa128\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `erlef/setup-beam` from 1.18.2 to 1.24.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/erlef/setup-beam/releases\"\u003eerlef/setup-beam's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev1.24.0\u003c/h2\u003e\n\u003ch2\u003e⚠️ Potentially breaking changes\u003c/h2\u003e\n\u003cp\u003eSince GitHub is phasing out Node 20 runners, the \u003ccode\u003eerlef/setup-beam\u003c/code\u003e action has updated its requirements ([see PR \u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/426\"\u003e#426\u003c/a\u003e](\u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/426\"\u003eerlef/setup-beam#426\u003c/a\u003e)). Please \u003cstrong\u003eensure your workflow files are updated\u003c/strong\u003e to align with the \u003ca href=\"https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/\"\u003elatest GitHub Actions standards\u003c/a\u003e to avoid execution failures.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eSupport Node 24 runtime by \u003ca href=\"https://github.com/levibuzolic\"\u003e\u003ccode\u003e@​levibuzolic\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/426\"\u003eerlef/setup-beam#426\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFix error that occurs when parsing TOML files that use dotted keys by \u003ca href=\"https://github.com/mitchellhenke\"\u003e\u003ccode\u003e@​mitchellhenke\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/444\"\u003eerlef/setup-beam#444\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAutomation\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 3rd party licenses (automation) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/435\"\u003eerlef/setup-beam#435\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/436\"\u003eerlef/setup-beam#436\u003c/a\u003e, and \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/442\"\u003eerlef/setup-beam#442\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eSecurity\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump eslint from 10.0.3 to 10.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/439\"\u003eerlef/setup-beam#439\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump yauzl from 3.2.0 to 3.2.1 in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/437\"\u003eerlef/setup-beam#437\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump csv-parse from 6.1.0 to 6.2.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/440\"\u003eerlef/setup-beam#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/443\"\u003eerlef/setup-beam#443\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: address \u003ccode\u003ePrototype Pollution via parse() in NodeJS flatted\u003c/code\u003e by \u003ca href=\"https://github.com/paulo-ferraz-oliveira\"\u003e\u003ccode\u003e@​paulo-ferraz-oliveira\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/445\"\u003eerlef/setup-beam#445\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/levibuzolic\"\u003e\u003ccode\u003e@​levibuzolic\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/426\"\u003eerlef/setup-beam#426\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mitchellhenke\"\u003e\u003ccode\u003e@​mitchellhenke\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/444\"\u003eerlef/setup-beam#444\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/erlef/setup-beam/compare/v1...v1.24.0\"\u003ehttps://github.com/erlef/setup-beam/compare/v1...v1.24.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev1.23.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eFeatures\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efeat: add macOS-26 to supported ImageOS mappings by \u003ca href=\"https://github.com/petermm\"\u003e\u003ccode\u003e@​petermm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/430\"\u003eerlef/setup-beam#430\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: add Erlang problem matchers by \u003ca href=\"https://github.com/Taure\"\u003e\u003ccode\u003e@​Taure\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/433\"\u003eerlef/setup-beam#433\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixes\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: use dynamic import in tests to prevent ESM hoisting race by \u003ca href=\"https://github.com/petermm\"\u003e\u003ccode\u003e@​petermm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/429\"\u003eerlef/setup-beam#429\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: download correct Gleam binary for macOS and Linux ARM64 by \u003ca href=\"https://github.com/petermm\"\u003e\u003ccode\u003e@​petermm\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/428\"\u003eerlef/setup-beam#428\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRun ARM-specific tests consistently by \u003ca href=\"https://github.com/paulo-ferraz-oliveira\"\u003e\u003ccode\u003e@​paulo-ferraz-oliveira\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/434\"\u003eerlef/setup-beam#434\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eCompatibility matrix strategy by \u003ca href=\"https://github.com/sebastiw\"\u003e\u003ccode\u003e@​sebastiw\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/389\"\u003eerlef/setup-beam#389\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eVersion updates\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate 3rd party licenses (automation) by \u003ca href=\"https://github.com/github-actions\"\u003e\u003ccode\u003e@​github-actions\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/425\"\u003eerlef/setup-beam#425\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.0 in the npm_and_yarn group across 1 directory by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/erlef/setup-beam/pull/432\"\u003eerlef/setup-beam#432\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/fc68ffb90438ef2936bbb3251622353b3dcb2f93\"\u003e\u003ccode\u003efc68ffb\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to 190c3a5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/190c3a5e7b2d0a7e53ac2ae08f02a617c755b13d\"\u003e\u003ccode\u003e190c3a5\u003c/code\u003e\u003c/a\u003e Fix error that occurs when parsing TOML files that use dotted keys (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/444\"\u003e#444\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/92dab893ed9373c7c8b219be47f9e6ad3684507b\"\u003e\u003ccode\u003e92dab89\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to 5dfda65\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/5dfda6550693b3e524212c8e8956489385351723\"\u003e\u003ccode\u003e5dfda65\u003c/code\u003e\u003c/a\u003e fix: address \u003ccode\u003ePrototype Pollution via parse() in NodeJS flatted\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/445\"\u003e#445\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/ef385d6edc40d082c376680340dc4581014fb5c3\"\u003e\u003ccode\u003eef385d6\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to bf3c3af\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/bf3c3af135ef07a5f34ef23377a9cbf2b2e1fab0\"\u003e\u003ccode\u003ebf3c3af\u003c/code\u003e\u003c/a\u003e Bump picomatch from 4.0.3 to 4.0.4 in the npm_and_yarn group across 1 directo...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/e7645e410255776e1f30cddea2b7842df4b842fb\"\u003e\u003ccode\u003ee7645e4\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to a36098e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/a36098e7415c702808cc414302b5a3fa2c83df52\"\u003e\u003ccode\u003ea36098e\u003c/code\u003e\u003c/a\u003e Bump csv-parse from 6.1.0 to 6.2.1 (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/440\"\u003e#440\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/87781dc68a92d3ae823e02b5a7c030621fcc71a2\"\u003e\u003ccode\u003e87781dc\u003c/code\u003e\u003c/a\u003e Automation: update setup-beam version output to d5f3979\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/erlef/setup-beam/commit/d5f3979a5f2803385ad71e7a9e178d31f89b8d2b\"\u003e\u003ccode\u003ed5f3979\u003c/code\u003e\u003c/a\u003e Support Node 24 runtime (\u003ca href=\"https://redirect.github.com/erlef/setup-beam/issues/426\"\u003e#426\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/erlef/setup-beam/compare/v1.18.2...fc68ffb90438ef2936bbb3251622353b3dcb2f93\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.6 to 4.35.5\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.5\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for SHA-256 Git object IDs. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3893\"\u003e#3893\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.5 - 15 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eWe have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3899\"\u003e#3899\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFor performance and accuracy reasons, \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3791\"\u003e#3791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eIf multiple inputs are provided for the GitHub-internal \u003ccode\u003eanalysis-kinds\u003c/code\u003e input, only \u003ccode\u003ecode-scanning\u003c/code\u003e will be enabled. The \u003ccode\u003eanalysis-kinds\u003c/code\u003e input is experimental, for GitHub-internal use only, and may change without notice at any time. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3892\"\u003e#3892\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdded an experimental change which, when running a Code Scanning analysis for a PR with \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3880\"\u003e#3880\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache...\n\n_Description has been truncated_","html_url":"https://github.com/hyperpolymath/seamstress/pull/9","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/hyperpolymath%2Fseamstress/issues/9","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/9/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-17T22:06:12.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4465079342","node_id":"PR_kwDOSehZ0s7ccqn8","number":1,"state":"open","title":"chore(ci): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-17T22:06:12.000Z","updated_at":"2026-05-17T22:06:13.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Ski-Manager/Manager/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Ski-Manager%2FManager/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-17T10:58:15.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4463236654","node_id":"PR_kwDOPdJ_FM7cXNIc","number":15,"state":"closed","title":"chore(deps): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-17T11:11:33.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-17T10:58:15.000Z","updated_at":"2026-05-17T11:11:35.000Z","time_to_close":798,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0 [2024-02-06]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all versions of \u003ccode\u003eactions/checkout\u003c/code\u003e to v4 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to Node 20 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0 [2023-03-24]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNo longer writing GitHub's SSH host keys to \u003ccode\u003eknown_hosts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to actions/checkout@v3 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow the user to override the commands for git, ssh-agent, and ssh-add (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.7.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003elog-public-key\u003c/code\u003e input that can be used to turn off logging key identities (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path to \u003ccode\u003egit\u003c/code\u003e binary on Windows, assuming GitHub-hosted runners (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/136\"\u003e#136\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a nonsensical log message (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the version of Node used by the action from 12 to 16 (\u003ca href=\"https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\"\u003ehttps://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.4 [2021-11-21]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...e83874834305fe9a4a2997156cb26c5de65a8555\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/Hsin-Kuo/transcriber/pull/15","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Hsin-Kuo%2Ftranscriber/issues/15","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/15/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-14T10:44:50.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4445266915","node_id":"PR_kwDOSdSfkc7be8sO","number":12,"state":"closed","title":"ci: bump the github-actions-minor-patch group with 3 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-14T23:38:49.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-14T10:44:50.000Z","updated_at":"2026-05-14T23:38:51.000Z","time_to_close":46439,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"ci: bump","group_name":"github-actions-minor-patch","update_count":3,"packages":[{"name":"GitGuardian/ggshield","old_version":"1.45.0","new_version":"1.50.4","repository_url":"https://github.com/gitguardian/ggshield"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"commitizen-tools/commitizen-action","old_version":"0.24.0","new_version":"0.27.1","repository_url":"https://github.com/commitizen-tools/commitizen-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions-minor-patch group with 3 updates: [GitGuardian/ggshield](https://github.com/gitguardian/ggshield), [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) and [commitizen-tools/commitizen-action](https://github.com/commitizen-tools/commitizen-action).\n\nUpdates `GitGuardian/ggshield` from 1.45.0 to 1.50.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/gitguardian/ggshield/releases\"\u003eGitGuardian/ggshield's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e1.50.4\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eggshield plugin install --allow-unsigned\u003c/code\u003e and \u003ccode\u003eggshield plugin update --allow-unsigned\u003c/code\u003e now verify plugin signatures using the embedded / cached sigstore trust root instead of refreshing it over the network, so plugins can still be installed when the sigstore TUF endpoints are unreachable.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.3\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSkip OS keyring access at startup when \u003ccode\u003eGITGUARDIAN_API_KEY\u003c/code\u003e is set in the environment (or in a \u003ccode\u003e.env\u003c/code\u003e file). This avoids redundant keychain unlock prompts on systems using multiple ggshield instances.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.2\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003euv tool install ggshield\u003c/code\u003e resolution by requiring sigstore 4, avoiding sigstore 3's transitive pre-release dependency on \u003ccode\u003ebetterproto\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.1\u003c/h2\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFixed plugin signature verification in PyInstaller-based packages by bundling sigstore's embedded TUF trust roots.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e1.50.0\u003c/h2\u003e\n\u003ch2\u003eAdded\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eggshield is now available as a MSI package.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd sigstore signature verification for plugin wheels, enforcing identity-based trust via OIDC. Install and update operations are strict by default, while \u003ccode\u003e--allow-unsigned\u003c/code\u003e persists an explicit trust exception for the exact wheel hash so explicitly accepted unsigned plugins can still load at runtime.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAPI tokens are now stored in the OS credential store (macOS Keychain, Windows Credential Locker, Linux Secret Service) via the \u003ccode\u003ekeyring\u003c/code\u003e library instead of cleartext in \u003ccode\u003eauth_config.yaml\u003c/code\u003e. Existing cleartext tokens are migrated automatically the next time the configuration is saved. If no OS credential store is available or \u003ccode\u003eGGSHIELD_NO_KEYRING=1\u003c/code\u003e, file-based storage is used as a fall-back.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a new \u003ccode\u003esecret.fail_on_server_error\u003c/code\u003e configuration option (default \u003ccode\u003eTrue\u003c/code\u003e), available as the \u003ccode\u003e--fail-on-server-error/--no-fail-on-server-error\u003c/code\u003e flag or \u003ccode\u003eGITGUARDIAN_FAIL_ON_SERVER_ERROR\u003c/code\u003e environment variable. When set to \u003ccode\u003eFalse\u003c/code\u003e, \u003ccode\u003esecret scan pre-commit\u003c/code\u003e, \u003ccode\u003esecret scan pre-push\u003c/code\u003e, \u003ccode\u003esecret scan pre-receive\u003c/code\u003e, and \u003ccode\u003esecret scan ci\u003c/code\u003e exit with code \u003ccode\u003e0\u003c/code\u003e and display a warning instead of blocking the git operation when the GitGuardian server is unreachable or returns a 5xx response. The default preserves the previous blocking behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew \u003ccode\u003eggshield ai discover\u003c/code\u003e command.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe AI hooks now also log/block MCP activity\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eChanged\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eBreaking\u003c/strong\u003e: \u003ccode\u003esecret scan pre-receive\u003c/code\u003e no longer fail-opens by default when the GitGuardian server returns a 5xx response. Previously the push was allowed through with a warning; now it is blocked, matching the other git hooks. Set \u003ccode\u003esecret.fail_on_server_error\u003c/code\u003e to \u003ccode\u003eFalse\u003c/code\u003e (or pass \u003ccode\u003e--no-fail-on-server-error\u003c/code\u003e) to restore the previous fail-open behavior.\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eFixed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eForward \u003ccode\u003esignature_mode\u003c/code\u003e through GitHub release and GitHub artifact download paths, ensuring signature verification is applied consistently across all install sources.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eScans of large repositories no longer fail on a single transient network glitch. ggshield now retries connection errors (e.g. \u003ccode\u003eConnectionResetError\u003c/code\u003e) and 502/503/504 responses with bounded exponential backoff.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eGlobal Copilot hooks are configured correctly in \u003ccode\u003e~/.copilot\u003c/code\u003e.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eSecurity\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePin the default package index in \u003ccode\u003epyproject.toml\u003c/code\u003e to public PyPI and add a rolling \u003ccode\u003eexclude-newer = \u0026quot;3 days\u0026quot;\u003c/code\u003e constraint, so the resolved \u003ccode\u003euv.lock\u003c/code\u003e is reproducible for external contributors/CI and newly-published (potentially malicious) releases get a short quarantine window before they can land in the lock.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/GitGuardian/ggshield/blob/main/CHANGELOG.md\"\u003eGitGuardian/ggshield's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.4 — 2026-05-07\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eggshield plugin install --allow-unsigned\u003c/code\u003e and \u003ccode\u003eggshield plugin update --allow-unsigned\u003c/code\u003e now verify plugin signatures using the embedded / cached sigstore trust root instead of refreshing it over the network, so plugins can still be installed when the sigstore TUF endpoints are unreachable.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.3 — 2026-04-30\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eSkip OS keyring access at startup when \u003ccode\u003eGITGUARDIAN_API_KEY\u003c/code\u003e is set in the environment (or in a \u003ccode\u003e.env\u003c/code\u003e file). This avoids redundant keychain unlock prompts on systems using multiple ggshield instances.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.2 — 2026-04-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed \u003ccode\u003euv tool install ggshield\u003c/code\u003e resolution by requiring sigstore 4, avoiding sigstore 3's transitive pre-release dependency on \u003ccode\u003ebetterproto\u003c/code\u003e.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.1 — 2026-04-29\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFixed plugin signature verification in PyInstaller-based packages by bundling sigstore's embedded TUF trust roots.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003c!-- raw HTML omitted --\u003e\u003c!-- raw HTML omitted --\u003e\u003c/p\u003e\n\u003ch2\u003e1.50.0 — 2026-04-28\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eggshield is now available as a MSI package.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdd sigstore signature verification for plugin wheels, enforcing identity-based trust via OIDC. Install and update operations are strict by default, while \u003ccode\u003e--allow-unsigned\u003c/code\u003e persists an explicit trust exception for the exact wheel hash so explicitly accepted unsigned plugins can still load at runtime.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAPI tokens are now stored in the OS credential store (macOS Keychain, Windows Credential Locker, Linux Secret Service) via the \u003ccode\u003ekeyring\u003c/code\u003e library instead of cleartext in \u003ccode\u003eauth_config.yaml\u003c/code\u003e. Existing cleartext tokens are migrated automatically the next time the configuration is saved. If no OS credential store is available or \u003ccode\u003eGGSHIELD_NO_KEYRING=1\u003c/code\u003e, file-based storage is used as a fall-back.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eAdded a new \u003ccode\u003esecret.fail_on_server_error\u003c/code\u003e configuration option (default \u003ccode\u003eTrue\u003c/code\u003e), available as the \u003ccode\u003e--fail-on-server-error/--no-fail-on-server-error\u003c/code\u003e flag or \u003ccode\u003eGITGUARDIAN_FAIL_ON_SERVER_ERROR\u003c/code\u003e environment variable. When set to \u003ccode\u003eFalse\u003c/code\u003e, \u003ccode\u003esecret scan pre-commit\u003c/code\u003e, \u003ccode\u003esecret scan pre-push\u003c/code\u003e, \u003ccode\u003esecret scan pre-receive\u003c/code\u003e, and \u003ccode\u003esecret scan ci\u003c/code\u003e exit with code \u003ccode\u003e0\u003c/code\u003e and display a warning instead of blocking the git operation when the GitGuardian server is unreachable or returns a 5xx response. The default preserves the previous blocking behavior.\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eNew \u003ccode\u003eggshield ai discover\u003c/code\u003e command.\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/4d84f4b8446d7d3543ee184af0a47f80a76ca476\"\u003e\u003ccode\u003e4d84f4b\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/bf7888634db6679002e6df42ba970836c97775d3\"\u003e\u003ccode\u003ebf78886\u003c/code\u003e\u003c/a\u003e fix(plugins): skip TUF update on --allow-unsigned\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/887cfae8f31533a243e53f14cbec78781b67c4a6\"\u003e\u003ccode\u003e887cfae\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/6d3c7bc5b56f53feca90db3f063f30db8696142e\"\u003e\u003ccode\u003e6d3c7bc\u003c/code\u003e\u003c/a\u003e fix(auth): do not query keyring if API key env var is set\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/87a2dd9d93c80b156386fb6ee06f9d94628b772c\"\u003e\u003ccode\u003e87a2dd9\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.2\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/c389616a2f41efca4d73caf106ac67db4502a890\"\u003e\u003ccode\u003ec389616\u003c/code\u003e\u003c/a\u003e fix(deps): make uv install resolve without prereleases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/093a0ffd9d503544ad0660c04e385d4c0e226280\"\u003e\u003ccode\u003e093a0ff\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/e293768591ad627bd563e521b24d5ee24d9d5273\"\u003e\u003ccode\u003ee293768\u003c/code\u003e\u003c/a\u003e ci(release): upload MSI to github releases\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/4d9179c05fd3f02fda5d3c370c4bbcea1b91b225\"\u003e\u003ccode\u003e4d9179c\u003c/code\u003e\u003c/a\u003e fix: bundle sigstore roots in PyInstaller packages\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/GitGuardian/ggshield/commit/48630d5d474114c420ce295214a52bd8aefd79c2\"\u003e\u003ccode\u003e48630d5\u003c/code\u003e\u003c/a\u003e chore(release): 1.50.0\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/gitguardian/ggshield/compare/edac2af7a4c4670e24600482e6ae0b3e2bb52160...4d84f4b8446d7d3543ee184af0a47f80a76ca476\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webfactory/ssh-agent` from 0.9.0 to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.9.0 [2024-02-06]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all versions of \u003ccode\u003eactions/checkout\u003c/code\u003e to v4 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/199\"\u003e#199\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to Node 20 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.8.0 [2023-03-24]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eNo longer writing GitHub's SSH host keys to \u003ccode\u003eknown_hosts\u003c/code\u003e (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/171\"\u003e#171\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eUpdate to actions/checkout@v3 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/143\"\u003e#143\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAllow the user to override the commands for git, ssh-agent, and ssh-add (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/154\"\u003e#154\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.7.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eAdded\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd the \u003ccode\u003elog-public-key\u003c/code\u003e input that can be used to turn off logging key identities (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/122\"\u003e#122\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path to \u003ccode\u003egit\u003c/code\u003e binary on Windows, assuming GitHub-hosted runners (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/136\"\u003e#136\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/137\"\u003e#137\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eFix a nonsensical log message (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/139\"\u003e#139\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.6.0 [2022-10-19]\u003c/h2\u003e\n\u003ch3\u003eChanged\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the version of Node used by the action from 12 to 16 (\u003ca href=\"https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\"\u003ehttps://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/\u003c/a\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev0.5.4 [2021-11-21]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...e83874834305fe9a4a2997156cb26c5de65a8555\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `commitizen-tools/commitizen-action` from 0.24.0 to 0.27.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/commitizen-tools/commitizen-action/releases\"\u003ecommitizen-tools/commitizen-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.27.1 (2026-02-17)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrectly set next_version_major and next_version_minor outputs\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master 338bbd8] bump: version 0.27.0 → 0.27.1\n2 files changed, 7 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003ch2\u003e0.27.0 (2026-01-17)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e--build-metadata\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master 2e8226b] bump: version 0.26.0 → 0.27.0\n2 files changed, 7 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003ch2\u003e0.26.0 (2025-11-19)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd gpg-agent\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master bb4f1df] bump: version 0.25.0 → 0.26.0\n2 files changed, 7 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003ch2\u003e0.25.0 (2025-11-16)\u003c/h2\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis update requires commitizen \u0026gt; 4.10 in order to use --minor and --major\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd more output information\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e[master 9615e7b] bump: version 0.24.0 → 0.25.0\n2 files changed, 11 insertions(+), 1 deletion(-)\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/commitizen-tools/commitizen-action/blob/master/CHANGELOG.md\"\u003ecommitizen-tools/commitizen-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.27.1 (2026-02-17)\u003c/h2\u003e\n\u003ch3\u003eFix\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003ecorrectly set next_version_major and next_version_minor outputs\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.27.0 (2026-01-17)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd \u003ccode\u003e--build-metadata\u003c/code\u003e option\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.26.0 (2025-11-19)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd gpg-agent\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.25.0 (2025-11-16)\u003c/h2\u003e\n\u003ch3\u003eBREAKING CHANGE\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eThis update requires commitizen \u0026gt; 4.10 in order to use --minor and --major\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd more output information\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.24.0 (2025-02-25)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd support for manual version bumping\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.23.1 (2024-12-21)\u003c/h2\u003e\n\u003ch2\u003e0.23.0 (2024-12-09)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003e\u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen-action/issues/55\"\u003e#55\u003c/a\u003e\u003c/strong\u003e: add ACTOR input parameter\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.22.0 (2024-11-06)\u003c/h2\u003e\n\u003ch3\u003eFeat\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eadd working-directory input\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e0.21.0 (2024-03-05)\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/338bbd841b75aaee6bf5340e1fa12f6ab58ff9ff\"\u003e\u003ccode\u003e338bbd8\u003c/code\u003e\u003c/a\u003e bump: version 0.27.0 → 0.27.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/8ce5a4ded4f30babfd29493576840e7a67db7c32\"\u003e\u003ccode\u003e8ce5a4d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen-action/issues/110\"\u003e#110\u003c/a\u003e from BjoernPetersen/master\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/b71e34a536e91f0b07539be54ff89ebcaea85ef6\"\u003e\u003ccode\u003eb71e34a\u003c/code\u003e\u003c/a\u003e fix: correctly set next_version_major and next_version_minor outputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/2e8226b3e7e141ae28de9942957f267eb5d68fb6\"\u003e\u003ccode\u003e2e8226b\u003c/code\u003e\u003c/a\u003e bump: version 0.26.0 → 0.27.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/f2d9dafa1a01a7429a5d7827404cf8e9094517d4\"\u003e\u003ccode\u003ef2d9daf\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003e--build-metadata\u003c/code\u003e option\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/bb4f1df6601e2a1a891506581b0c53acdc88e07d\"\u003e\u003ccode\u003ebb4f1df\u003c/code\u003e\u003c/a\u003e bump: version 0.25.0 → 0.26.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/3a021a42374acb88b332c30a59c971d08bd4ed0f\"\u003e\u003ccode\u003e3a021a4\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/commitizen-tools/commitizen-action/issues/104\"\u003e#104\u003c/a\u003e from commitizen-tools/fix/add-gpg-agent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/a5c032df72e42a388bc223ce22311f259fc73b5c\"\u003e\u003ccode\u003ea5c032d\u003c/code\u003e\u003c/a\u003e feat: add gpg-agent\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/9615e7be1cf341393c52e865ebbdaa0712176d81\"\u003e\u003ccode\u003e9615e7b\u003c/code\u003e\u003c/a\u003e bump: version 0.24.0 → 0.25.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/commitizen-tools/commitizen-action/commit/cd7feb8558ec5ba1a01497e43022c36180ec2bad\"\u003e\u003ccode\u003ecd7feb8\u003c/code\u003e\u003c/a\u003e feat: add more output information\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/commitizen-tools/commitizen-action/compare/5b0848cd060263e24602d1eba03710e056ef7711...338bbd841b75aaee6bf5340e1fa12f6ab58ff9ff\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/mighty-muffin/insecure-bank/pull/12","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/mighty-muffin%2Finsecure-bank/issues/12","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/12/packages"}},{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-12T01:34:40.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4425505967","node_id":"PR_kwDOKO4rpM7afJn8","number":193,"state":"closed","title":"⬆️ gha: Bump the github-actions group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-19T03:51:34.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-12T01:34:40.000Z","updated_at":"2026-05-19T03:51:36.000Z","time_to_close":613014,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆️ gha: Bump","group_name":"github-actions","update_count":13,"packages":[{"name":"step-security/harden-runner","old_version":"2.15.0","new_version":"2.19.1","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/setup-go","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"github/codeql-action","old_version":"4.32.5","new_version":"4.35.4","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/dependency-review-action","old_version":"4.8.3","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"reviewdog/action-golangci-lint","old_version":"2.8.0","new_version":"2.10.0","repository_url":"https://github.com/reviewdog/action-golangci-lint"},{"name":"reviewdog/action-alex","old_version":"1.16.0","new_version":"1.16.1","repository_url":"https://github.com/reviewdog/action-alex"},{"name":"reviewdog/action-actionlint","old_version":"1.71.0","new_version":"1.72.0","repository_url":"https://github.com/reviewdog/action-actionlint"},{"name":"mikepenz/release-changelog-builder-action","old_version":"6.1.1","new_version":"6.2.1","repository_url":"https://github.com/mikepenz/release-changelog-builder-action"},{"name":"softprops/action-gh-release","old_version":"2.5.0","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"aws-actions/configure-aws-credentials","old_version":"6.0.0","new_version":"6.1.1","repository_url":"https://github.com/aws-actions/configure-aws-credentials"},{"name":"test-summary/action","old_version":"2.4","new_version":"2.6","repository_url":"https://github.com/test-summary/action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.0` | `2.19.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.5` | `4.35.4` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.3` | `5.0.0` |\n| [reviewdog/action-golangci-lint](https://github.com/reviewdog/action-golangci-lint) | `2.8.0` | `2.10.0` |\n| [reviewdog/action-alex](https://github.com/reviewdog/action-alex) | `1.16.0` | `1.16.1` |\n| [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.71.0` | `1.72.0` |\n| [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) | `6.1.1` | `6.2.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.1` |\n| [test-summary/action](https://github.com/test-summary/action) | `2.4` | `2.6` |\n\n\nUpdates `step-security/harden-runner` from 2.15.0 to 2.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eGlobal Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.\u003c/p\u003e\n\u003cp\u003eDeploy on Self-Hosted VM: Added \u003ccode\u003edeploy-on-self-hosted-vm\u003c/code\u003e input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.17.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003ePolicy Store Support\u003c/h3\u003e\n\u003cp\u003eAdded \u003ccode\u003euse-policy-store\u003c/code\u003e and \u003ccode\u003eapi-key\u003c/code\u003e inputs to fetch security policies directly from the \u003ca href=\"https://docs.stepsecurity.io/harden-runner/policy-store\"\u003eStepSecurity Policy Store\u003c/a\u003e. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing \u003ccode\u003epolicy\u003c/code\u003e input which requires \u003ccode\u003eid-token: write\u003c/code\u003e permission. If no policy is found in the store, the action defaults to audit mode.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.16.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6c3c2f2c1c457b00c10c4848d6f5491db3b629df\"\u003e\u003ccode\u003e6c3c2f2\u003c/code\u003e\u003c/a\u003e Feature/deploy on self hosted vm (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/658\"\u003e#658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/f808768d1510423e83855289c910610ca9b43176\"\u003e\u003ccode\u003ef808768\u003c/code\u003e\u003c/a\u003e Feature/policy store (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/656\"\u003e#656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fe104658747b27e96e4f7e80cd0a94068e53901d\"\u003e\u003ccode\u003efe10465\u003c/code\u003e\u003c/a\u003e v2.16.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/654\"\u003e#654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003e\u003ccode\u003efa2e9d6\u003c/code\u003e\u003c/a\u003e Release v2.16.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc\"\u003e\u003ccode\u003e58077d3\u003c/code\u003e\u003c/a\u003e Release v2.15.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/641\"\u003e#641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-go` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-go/releases\"\u003eactions/setup-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd go-download-base-url input for custom Go distributions by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/727\"\u003eactions/setup-go#727\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRearrange README.md, add advanced-usage.md by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/724\"\u003eactions/setup-go#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Microsoft build of Go link by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/734\"\u003eactions/setup-go#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-go/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-go/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003e\u003ccode\u003e4a36011\u003c/code\u003e\u003c/a\u003e docs: fix Microsoft build of Go link (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d\"\u003e\u003ccode\u003e8f19afc\u003c/code\u003e\u003c/a\u003e feat: add go-download-base-url input for custom Go distributions (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/721\"\u003e#721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a\"\u003e\u003ccode\u003e27fdb26\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/727\"\u003e#727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b\"\u003e\u003ccode\u003edef8c39\u003c/code\u003e\u003c/a\u003e Rearrange README.md, add advanced-usage.md (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/724\"\u003e#724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.5 to 4.35.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003e\u003ccode\u003e68bde55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3885\"\u003e#3885\u003c/a\u003e from github/update-v4.35.4-803d9e8c3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e\"\u003e\u003ccode\u003e9739ad2\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076\"\u003e\u003ccode\u003e803d9e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3883\"\u003e#3883\u003c/a\u003e from github/mbg/test/macro-wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434\"\u003e\u003ccode\u003e0fd9c7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3882\"\u003e#3882\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a\"\u003e\u003ccode\u003e922d6fb\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003emakeMacro\u003c/code\u003e instead of \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56\"\u003e\u003ccode\u003edf77e87\u003c/code\u003e\u003c/a\u003e Update test macro snippet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3\"\u003e\u003ccode\u003e6e3f985\u003c/code\u003e\u003c/a\u003e Add wrapper for \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5\"\u003e\u003ccode\u003ee7a347d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3881\"\u003e#3881\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f\"\u003e\u003ccode\u003e17eabb2\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706\"\u003e\u003ccode\u003eaaef09c\u003c/code\u003e\u003c/a\u003e Bump ruby/setup-ruby\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.8.3 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-golangci-lint` from 2.8.0 to 2.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/releases\"\u003ereviewdog/action-golangci-lint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v2.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update go download url by \u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.19.37 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/802\"\u003ereviewdog/action-golangci-lint#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.4.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/805\"\u003ereviewdog/action-golangci-lint#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​vercel/ncc\u003c/code\u003e to v0.38.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/812\"\u003ereviewdog/action-golangci-lint#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v4.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/813\"\u003ereviewdog/action-golangci-lint#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency eslint-plugin-import to v2.32.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/814\"\u003ereviewdog/action-golangci-lint#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/818\"\u003ereviewdog/action-golangci-lint#818\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency prettier to v3.8.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/819\"\u003ereviewdog/action-golangci-lint#819\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.9.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/820\"\u003ereviewdog/action-golangci-lint#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.32.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/821\"\u003ereviewdog/action-golangci-lint#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-actionlint action to v1.71.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/822\"\u003ereviewdog/action-golangci-lint#822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-eslint action to v1.34.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/823\"\u003ereviewdog/action-golangci-lint#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Node.js runtime to v24 by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to ES Modules with Rollup by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/825\"\u003ereviewdog/action-golangci-lint#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/827\"\u003ereviewdog/action-golangci-lint#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump eslint 10.0.3 by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/832\"\u003ereviewdog/action-golangci-lint#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eintroduce bundle script by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/835\"\u003ereviewdog/action-golangci-lint#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update node.js to v24.14.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/836\"\u003ereviewdog/action-golangci-lint#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/828\"\u003ereviewdog/action-golangci-lint#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/829\"\u003ereviewdog/action-golangci-lint#829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\"\u003ehttps://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Go to v1.23 by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/783\"\u003ereviewdog/action-golangci-lint#783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(config): migrate renovate config by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/784\"\u003ereviewdog/action-golangci-lint#784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.13 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/781\"\u003ereviewdog/action-golangci-lint#781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/semver\u003c/code\u003e to v7.7.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/786\"\u003ereviewdog/action-golangci-lint#786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.28 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/787\"\u003ereviewdog/action-golangci-lint#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CI to check golintci-lint config by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/790\"\u003ereviewdog/action-golangci-lint#790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.golangci.v1.yml: disable golint by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/791\"\u003ereviewdog/action-golangci-lint#791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/792\"\u003ereviewdog/action-golangci-lint#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/799\"\u003ereviewdog/action-golangci-lint#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v4.4.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/800\"\u003ereviewdog/action-golangci-lint#800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.15 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/796\"\u003ereviewdog/action-golangci-lint#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.30 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/793\"\u003ereviewdog/action-golangci-lint#793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.8.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/794\"\u003ereviewdog/action-golangci-lint#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency js-yaml to v4.1.1 [security] by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/810\"\u003ereviewdog/action-golangci-lint#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest (major) by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/727\"\u003ereviewdog/action-golangci-lint#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-bumpr action to v1.11.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/795\"\u003ereviewdog/action-golangci-lint#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-update-semver action to v1.5.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/797\"\u003ereviewdog/action-golangci-lint#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.31.8 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/801\"\u003ereviewdog/action-golangci-lint#801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003e\u003ccode\u003ec76ccea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/829\"\u003e#829\u003c/a\u003e from reviewdog/renovate/github-codeql-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/6381f9840173f5bf1dd06c6c05ea4735db76f0be\"\u003e\u003ccode\u003e6381f98\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/89de6bb90b32be99e9910a2888948ed3dfe6af7d\"\u003e\u003ccode\u003e89de6bb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/828\"\u003e#828\u003c/a\u003e from reviewdog/renovate/actions-setup-node-6.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/0c74698972d41c9418acf5e16e13e114ff2cad7f\"\u003e\u003ccode\u003e0c74698\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/d0c4e9d9525555e62a0d54cf67b89c96f00437a1\"\u003e\u003ccode\u003ed0c4e9d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/836\"\u003e#836\u003c/a\u003e from reviewdog/renovate/node-24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c2a63d69d1acbfa831c574899e630f70f29c445d\"\u003e\u003ccode\u003ec2a63d6\u003c/code\u003e\u003c/a\u003e chore(deps): update node.js to v24.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/3943b33a58d990d2bddbe92ad09d129a532ad6a0\"\u003e\u003ccode\u003e3943b33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/835\"\u003e#835\u003c/a\u003e from reviewdog/introduce-bundle-script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/575ba3109bc3234b78d0520562beb2c4a40d62bb\"\u003e\u003ccode\u003e575ba31\u003c/code\u003e\u003c/a\u003e update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/a69b2ade8c81d090c53095e9ba3f2efc838080f9\"\u003e\u003ccode\u003ea69b2ad\u003c/code\u003e\u003c/a\u003e bump lockfileVersion to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/2a19ff60992f354a2e04a69b10e22decd658eaf5\"\u003e\u003ccode\u003e2a19ff6\u003c/code\u003e\u003c/a\u003e install rimraf\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/f9bba13753278f6a73b27a56a3ffb1bfda90ed71...c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-alex` from 1.16.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-alex/releases\"\u003ereviewdog/action-alex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: Pin GitHub Actions with commit SHA using pinact by \u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/47\"\u003ereviewdog/action-alex#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-shellcheck action to v1.30.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/48\"\u003ereviewdog/action-alex#48\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: propagate exit code for fail_on_error support by \u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\"\u003ehttps://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003e\u003ccode\u003eb6673b5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/59\"\u003e#59\u003c/a\u003e from vincent067/fix-fail-on-error-exit-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/117bd5855dea9fbf4f62bed06615f4fd01840569\"\u003e\u003ccode\u003e117bd58\u003c/code\u003e\u003c/a\u003e fix: propagate exit code to make fail_on_error work correctly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/ee2bd61307cf0eb11f6ce460d58352e10bf4b8b7\"\u003e\u003ccode\u003eee2bd61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/48\"\u003e#48\u003c/a\u003e from reviewdog/renovate/reviewdog-action-shellcheck-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/7b37af6b84908d4e7515e4bc81a94e83b435375d\"\u003e\u003ccode\u003e7b37af6\u003c/code\u003e\u003c/a\u003e chore(deps): update reviewdog/action-shellcheck action to v1.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/dd45e4f3127a4bb11c96a375adbdecdf27218d55\"\u003e\u003ccode\u003edd45e4f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/47\"\u003e#47\u003c/a\u003e from reviewdog/pinact-readme-20250319-031733\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/0fa17b0d9543cae655526dc38be46d954d1d42a9\"\u003e\u003ccode\u003e0fa17b0\u003c/code\u003e\u003c/a\u003e README: Pin GitHub Actions with commit SHA using pinact\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/reviewdog/action-alex/compare/6083b8ca333981fa617c6828c5d8fb21b13d916b...b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-actionlint` from 1.71.0 to 1.72.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-actionlint/releases\"\u003ereviewdog/action-actionlint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.72.0\u003c/h2\u003e\n\u003cp\u003ev1.72.0: PR \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e - chore(deps): update actionlint to 1.7.12\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003e\u003ccode\u003e6fb7acc\u003c/code\u003e\u003c/a\u003e bump v1.72.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/b2a904a8c140063d06dc5319ba69a672d7a4909d\"\u003e\u003ccode\u003eb2a904a\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into releases/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/5eaffa19a1991ecc52b11eddcdd57760d1ac7e3d\"\u003e\u003ccode\u003e5eaffa1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e from reviewdog/depup/actionlint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/39a67548aa7718c321746aa5a54a9e8034505cde\"\u003e\u003ccode\u003e39a6754\u003c/code\u003e\u003c/a\u003e chore(deps): update actionlint to 1.7.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/d39025c0fb1cc41ac827852403ea94804b0e6907\"\u003e\u003ccode\u003ed39025c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/195\"\u003e#195\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/2e8272d25ca2b89be8abc6a0b65c8c5e8a5eae05\"\u003e\u003ccode\u003e2e8272d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/194\"\u003e#194\u003c/a\u003e from reviewdog/renovate/docker-setup-qemu-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/128d9b7b1e43f8eaef5602138f5c9f80ee3c3149\"\u003e\u003ccode\u003e128d9b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/190\"\u003e#190\u003c/a\u003e from reviewdog/renovate/shogo82148-actions-create-rel...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/1674e4f79a2bf9c94d1d301e60b8f8226eea0137\"\u003e\u003ccode\u003e1674e4f\u003c/code\u003e\u003c/a\u003e chore(deps): update docker/setup-buildx-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/8fdb9d20764d93bca3a294fe7fd615fcf8a82332\"\u003e\u003ccode\u003e8fdb9d2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/189\"\u003e#189\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-3.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/a518ce8798c4eda875ca9e369388679ec67ac3ac\"\u003e\u003ccode\u003ea518ce8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/188\"\u003e#188\u003c/a\u003e from reviewdog/renovate/peter-evans-create-pull-reque...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-actionlint/compare/0d952c597ef8459f634d7145b0b044a9699e5e43...6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mikepenz/release-changelog-builder-action` from 6.1.1 to 6.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/releases\"\u003emikepenz/release-changelog-builder-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.1\u003c/h2\u003e\n\u003ch2\u003e🐛 Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle multi-line commit bodies in git log parsing\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove Renovate workflow\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributors:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz\"\u003e\u003ccode\u003e@​mikepenz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity hardening: Renovate, SHA-pinned actions, least-privilege permissions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1536\"\u003e#1536\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix: use PR author for commit-dist job condition\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1541\"\u003e#1541\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/upload-artifact from 6 to 7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1523\"\u003e#1523\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump mikepenz/action-gh-release from 1 to 2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1531\"\u003e#1531\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump the dev-dependencies group with 4 updates\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1532\"\u003e#1532\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump vitest from 4.0.18 to 4.1.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1533\"\u003e#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump https-proxy-agent from 7.0.6 to 8.0.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1534\"\u003e#1534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1535\"\u003e#1535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency glob to v11.1.0 [security]\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1537\"\u003e#1537\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): pin mikepenz/release-changelog-builder-action action to d7b8cec\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1539\"\u003e#1539\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency undici to v7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1540\"\u003e#1540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: upgrade TypeScript to v6\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1543\"\u003e#1543\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: pin all dependencies to exact versions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1544\"\u003e#1544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update mikepenz/release-changelog-builder-action digest to a77ddc5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/bcae7115752d4ed746ff92feb666574428a79415\"\u003e\u003ccode\u003ebcae711\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1554\"\u003e#1554\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/5795a331a1896dc0d5df89bc33a6eb5f85ec3381\"\u003e\u003ccode\u003e5795a33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e from mikepenz/fix/multiline-commit-body-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/f5544cb178b60efb5ed9c2103aec3ae8d1347aab\"\u003e\u003ccode\u003ef5544cb\u003c/code\u003e\u003c/a\u003e fix: use git %x00/%x1f format placeholders instead of literal bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/7ebd13b3034b0e0464e3cc5cc63a215af1670fa3\"\u003e\u003ccode\u003e7ebd13b\u003c/code\u003e\u003c/a\u003e fix: use non-printable separators for robust git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/787f65d59db64ae02a78eadabe1caa8b270adc8d\"\u003e\u003ccode\u003e787f65d\u003c/code\u003e\u003c/a\u003e fix: handle multi-line commit bodies in git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/1d37aec5da47494e13cc58a287454b75bc26d516\"\u003e\u003ccode\u003e1d37aec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e from mikepenz/chore/remove-renovate-workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/a8e74a6c873da1027f31c319e4a4cd2672fb6e5f\"\u003e\u003ccode\u003ea8e74a6\u003c/code\u003e\u003c/a\u003e chore: override vite to 8.0.5 to fix vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/202a06fc65105d3872e2a97b05c4716008434838\"\u003e\u003ccode\u003e202a06f\u003c/code\u003e\u003c/a\u003e chore: remove Renovate workflow (using self-hosted app instead)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/2cb9befdbc05f65b8354cc9873cd506509bd0782\"\u003e\u003ccode\u003e2cb9bef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1547\"\u003e#1547\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/0cc28988c351cc996275143ae3ea584dcc19d31d\"\u003e\u003ccode\u003e0cc2898\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1546\"\u003e#1546\u003c/a\u003e from mikepenz/renovate/glob-13.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/compare/a34a8009a9588bb86b02a873cf592440e96a5da8...bcae7115752d4ed746ff92feb666574428a79415\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.5.0 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNod...\n\n_Description has been truncated_","html_url":"https://github.com/bendoerr-terraform-modules/terraform-aws-tfstate/pull/193","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendoerr-terraform-modules%2Fterraform-aws-tfstate/issues/193","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/193/packages"}},{"old_version":"0.9.1","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-11T21:33:42.000Z","version_change":"0.9.1 → 0.10.0","issue":{"uuid":"4424460252","node_id":"PR_kwDOK4HaY87abxyS","number":149,"state":"closed","title":"⬆️ (deps-ghaction): Bump the github-actions group across 1 directory with 13 updates","user":"dependabot[bot]","labels":["dependencies","github_actions"],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":"2026-05-18T23:33:04.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T21:33:42.000Z","updated_at":"2026-05-18T23:33:06.000Z","time_to_close":611962,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"⬆️ (deps-ghaction): Bump","group_name":"github-actions","update_count":13,"packages":[{"name":"step-security/harden-runner","old_version":"2.15.0","new_version":"2.19.1","repository_url":"https://github.com/step-security/harden-runner"},{"name":"actions/setup-go","old_version":"6.3.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"github/codeql-action","old_version":"4.32.5","new_version":"4.35.4","repository_url":"https://github.com/github/codeql-action"},{"name":"actions/dependency-review-action","old_version":"4.8.3","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"},{"name":"reviewdog/action-golangci-lint","old_version":"2.8.0","new_version":"2.10.0","repository_url":"https://github.com/reviewdog/action-golangci-lint"},{"name":"reviewdog/action-alex","old_version":"1.16.0","new_version":"1.16.1","repository_url":"https://github.com/reviewdog/action-alex"},{"name":"reviewdog/action-actionlint","old_version":"1.71.0","new_version":"1.72.0","repository_url":"https://github.com/reviewdog/action-actionlint"},{"name":"mikepenz/release-changelog-builder-action","old_version":"6.1.1","new_version":"6.2.1","repository_url":"https://github.com/mikepenz/release-changelog-builder-action"},{"name":"softprops/action-gh-release","old_version":"2.5.0","new_version":"3.0.0","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"actions/upload-artifact","old_version":"7.0.0","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"webfactory/ssh-agent","old_version":"0.9.1","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"aws-actions/configure-aws-credentials","old_version":"6.0.0","new_version":"6.1.1","repository_url":"https://github.com/aws-actions/configure-aws-credentials"},{"name":"test-summary/action","old_version":"2.4","new_version":"2.6","repository_url":"https://github.com/test-summary/action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 13 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.15.0` | `2.19.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.5` | `4.35.4` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.3` | `5.0.0` |\n| [reviewdog/action-golangci-lint](https://github.com/reviewdog/action-golangci-lint) | `2.8.0` | `2.10.0` |\n| [reviewdog/action-alex](https://github.com/reviewdog/action-alex) | `1.16.0` | `1.16.1` |\n| [reviewdog/action-actionlint](https://github.com/reviewdog/action-actionlint) | `1.71.0` | `1.72.0` |\n| [mikepenz/release-changelog-builder-action](https://github.com/mikepenz/release-changelog-builder-action) | `6.1.1` | `6.2.1` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.5.0` | `3.0.0` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.1` | `0.10.0` |\n| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.1` |\n| [test-summary/action](https://github.com/test-summary/action) | `2.4` | `2.6` |\n\n\nUpdates `step-security/harden-runner` from 2.15.0 to 2.19.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/step-security/harden-runner/releases\"\u003estep-security/harden-runner's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.19.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: detect ubuntu-slim runners early and bail out by \u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix changes\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eHarden-Runner will detect \u003ccode\u003eubuntu-slim\u003c/code\u003e runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eWhat the fix does not do\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eJobs running on \u003ccode\u003eubuntu-slim\u003c/code\u003e will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).\u003c/li\u003e\n\u003cli\u003ePer GitHub's docs on \u003ca href=\"https://docs.github.com/en/actions/reference/runners/github-hosted-runners#single-cpu-runners\"\u003esingle-CPU runners\u003c/a\u003e: \u0026quot;The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported.\u0026quot;  Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eFor StepSecurity enterprise customers\nIf your security posture requires that workflows are always monitored, you can block the use of \u003ccode\u003eubuntu-slim\u003c/code\u003e via workflow run policies see the \u003ca href=\"https://docs.stepsecurity.io/workflow-run-policies/policies#runner-label-policy\"\u003eRunner Label Policy\u003c/a\u003e docs. This lets you enforce that jobs only run on monitored runner types.\u003c/p\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/devantler\"\u003e\u003ccode\u003e@​devantler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/step-security/harden-runner/pull/657\"\u003estep-security/harden-runner#657\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.19.0...v2.19.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.19.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eNew Runner Support\u003c/h3\u003e\n\u003cp\u003eHarden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.\u003c/p\u003e\n\u003ch3\u003eAutomated Incident Response for Supply Chain Attacks\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eGlobal block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.\u003c/li\u003e\n\u003cli\u003eSystem-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eBug Fixes\u003c/h3\u003e\n\u003cp\u003eWindows and macOS: stability and reliability fixes\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.18.0...v2.19.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.18.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eGlobal Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.\u003c/p\u003e\n\u003cp\u003eDeploy on Self-Hosted VM: Added \u003ccode\u003edeploy-on-self-hosted-vm\u003c/code\u003e input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.17.0...v2.18.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.17.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003ePolicy Store Support\u003c/h3\u003e\n\u003cp\u003eAdded \u003ccode\u003euse-policy-store\u003c/code\u003e and \u003ccode\u003eapi-key\u003c/code\u003e inputs to fetch security policies directly from the \u003ca href=\"https://docs.stepsecurity.io/harden-runner/policy-store\"\u003eStepSecurity Policy Store\u003c/a\u003e. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing \u003ccode\u003epolicy\u003c/code\u003e input which requires \u003ccode\u003eid-token: write\u003c/code\u003e permission. If no policy is found in the store, the action defaults to audit mode.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\"\u003ehttps://github.com/step-security/harden-runner/compare/v2.16.1...v2.17.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.16.1\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003e\u003ccode\u003ea5ad31d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/657\"\u003e#657\u003c/a\u003e from devantler/fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6e928567d74554b8842dd434908da31c593ba85c\"\u003e\u003ccode\u003e6e92856\u003c/code\u003e\u003c/a\u003e build dist and trim ubuntu-slim message\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/4e0504ee086374bdec7064e5c26d48af41ba6209\"\u003e\u003ccode\u003e4e0504e\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into fix/ubuntu-slim-user-env\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/8d3c67de8e2fe68ef647c8db1e6a09f647780f40\"\u003e\u003ccode\u003e8d3c67d\u003c/code\u003e\u003c/a\u003e Release v2.19.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/661\"\u003e#661\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/6c3c2f2c1c457b00c10c4848d6f5491db3b629df\"\u003e\u003ccode\u003e6c3c2f2\u003c/code\u003e\u003c/a\u003e Feature/deploy on self hosted vm (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/658\"\u003e#658\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/376d25a97f3a1640ff8cbbddaa4af25948df2cf3\"\u003e\u003ccode\u003e376d25a\u003c/code\u003e\u003c/a\u003e fix: detect ubuntu-slim runners early and bail out\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/f808768d1510423e83855289c910610ca9b43176\"\u003e\u003ccode\u003ef808768\u003c/code\u003e\u003c/a\u003e Feature/policy store (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/656\"\u003e#656\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fe104658747b27e96e4f7e80cd0a94068e53901d\"\u003e\u003ccode\u003efe10465\u003c/code\u003e\u003c/a\u003e v2.16.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/654\"\u003e#654\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594\"\u003e\u003ccode\u003efa2e9d6\u003c/code\u003e\u003c/a\u003e Release v2.16.0 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/646\"\u003e#646\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/step-security/harden-runner/commit/58077d3c7e43986b6b15fba718e8ea69e387dfcc\"\u003e\u003ccode\u003e58077d3\u003c/code\u003e\u003c/a\u003e Release v2.15.1 (\u003ca href=\"https://redirect.github.com/step-security/harden-runner/issues/641\"\u003e#641\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...a5ad31d6a139d249332a2605b85202e8c0b78450\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-go` from 6.3.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-go/releases\"\u003eactions/setup-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd go-download-base-url input for custom Go distributions by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDependency update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade minimatch from 3.1.2 to 3.1.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/727\"\u003eactions/setup-go#727\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation update\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eRearrange README.md, add advanced-usage.md by \u003ca href=\"https://github.com/priyagupta108\"\u003e\u003ccode\u003e@​priyagupta108\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/724\"\u003eactions/setup-go#724\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix Microsoft build of Go link by \u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/734\"\u003eactions/setup-go#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/gdams\"\u003e\u003ccode\u003e@​gdams\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/setup-go/pull/721\"\u003eactions/setup-go#721\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/setup-go/compare/v6...v6.4.0\"\u003ehttps://github.com/actions/setup-go/compare/v6...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003e\u003ccode\u003e4a36011\u003c/code\u003e\u003c/a\u003e docs: fix Microsoft build of Go link (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/734\"\u003e#734\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d\"\u003e\u003ccode\u003e8f19afc\u003c/code\u003e\u003c/a\u003e feat: add go-download-base-url input for custom Go distributions (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/721\"\u003e#721\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a\"\u003e\u003ccode\u003e27fdb26\u003c/code\u003e\u003c/a\u003e Bump minimatch from 3.1.2 to 3.1.5 (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/727\"\u003e#727\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b\"\u003e\u003ccode\u003edef8c39\u003c/code\u003e\u003c/a\u003e Rearrange README.md, add advanced-usage.md (\u003ca href=\"https://redirect.github.com/actions/setup-go/issues/724\"\u003e#724\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.32.5 to 4.35.4\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.4\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.34.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.33.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using advanced setup:\u003c/strong\u003e Set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3555\"\u003ea bug\u003c/a\u003e which caused the CodeQL Action to fail loading repository properties if a \u0026quot;Multi select\u0026quot; repository property was configured for the repository. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3557\"\u003e#3557\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eThe CodeQL Action now loads \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003ecustom repository properties\u003c/a\u003e on GitHub Enterprise Server, enabling the customization of features such as \u003ccode\u003egithub-codeql-disable-overlay\u003c/code\u003e that was previously only available on GitHub.com. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3559\"\u003e#3559\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eOnce \u003ca href=\"https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries\"\u003eprivate package registries\u003c/a\u003e can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3563\"\u003e#3563\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eFixed the retry mechanism for database uploads. Previously this would fail with the error \u0026quot;Response body object should not be disturbed or locked\u0026quot;. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3564\"\u003e#3564\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003cli\u003e\n\u003cp\u003eA warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3570\"\u003e#3570\u003c/a\u003e\u003c/p\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.32.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3548\"\u003e#3548\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.4 - 07 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4\"\u003e2.25.4\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3881\"\u003e#3881\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003e\u003ccode\u003e68bde55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3885\"\u003e#3885\u003c/a\u003e from github/update-v4.35.4-803d9e8c3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e\"\u003e\u003ccode\u003e9739ad2\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076\"\u003e\u003ccode\u003e803d9e8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3883\"\u003e#3883\u003c/a\u003e from github/mbg/test/macro-wrapper\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434\"\u003e\u003ccode\u003e0fd9c7d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3882\"\u003e#3882\u003c/a\u003e from github/dependabot/github_actions/dot-github/wor...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a\"\u003e\u003ccode\u003e922d6fb\u003c/code\u003e\u003c/a\u003e Use \u003ccode\u003emakeMacro\u003c/code\u003e instead of \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56\"\u003e\u003ccode\u003edf77e87\u003c/code\u003e\u003c/a\u003e Update test macro snippet\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3\"\u003e\u003ccode\u003e6e3f985\u003c/code\u003e\u003c/a\u003e Add wrapper for \u003ccode\u003etest.macro\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5\"\u003e\u003ccode\u003ee7a347d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3881\"\u003e#3881\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f\"\u003e\u003ccode\u003e17eabb2\u003c/code\u003e\u003c/a\u003e Rebuild\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706\"\u003e\u003ccode\u003eaaef09c\u003c/code\u003e\u003c/a\u003e Bump ruby/setup-ruby\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...68bde559dea0fdcac2102bfdf6230c5f70eb485e\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/dependency-review-action` from 4.8.3 to 5.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/dependency-review-action/releases\"\u003eactions/dependency-review-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e5.0.0\u003c/h2\u003e\n\u003cp\u003eThis is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003ev2.327.1\u003c/a\u003e to run.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd .github/copilot-instructions.md for Copilot coding agent by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1067\"\u003eactions/dependency-review-action#1067\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate Node.js runtime from 20 to 24 by \u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump spdx-license-ids from 3.0.20 to 3.0.23 by \u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: bump actions/checkout from v4 to v6 in workflow examples by \u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by \u003ca href=\"https://github.com/tspascoal\"\u003e\u003ccode\u003e@​tspascoal\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1076\"\u003eactions/dependency-review-action#1076\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eResolve security findings by \u003ca href=\"https://github.com/AshelyTC\"\u003e\u003ccode\u003e@​AshelyTC\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1094\"\u003eactions/dependency-review-action#1094\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev5.0.0 release branch by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1098\"\u003eactions/dependency-review-action#1098\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/scottschreckengaust\"\u003e\u003ccode\u003e@​scottschreckengaust\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1084\"\u003eactions/dependency-review-action#1084\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mongolyy\"\u003e\u003ccode\u003e@​mongolyy\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1091\"\u003eactions/dependency-review-action#1091\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Marukome0743\"\u003e\u003ccode\u003e@​Marukome0743\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1077\"\u003eactions/dependency-review-action#1077\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.9.0...v5.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003eDependency Review Action 4.9.0\u003c/h2\u003e\n\u003cp\u003eThis feature release contains a couple of notable changes:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThere is a new configuration option \u003ccode\u003eshow_patched_versions\u003c/code\u003e which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eRuns which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003cli\u003eThere are a couple of fixes to purl parsing which should improve match accuracy for \u003ccode\u003eallow-package-dependency\u003c/code\u003e lists, including case (in)sensitivity and url-encoded namespaces Thanks \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e!\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCompare normalized purls to account for encoding quirks by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1056\"\u003eactions/dependency-review-action#1056\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMake purl comparisons case insensitive by \u003ca href=\"https://github.com/juxtin\"\u003e\u003ccode\u003e@​juxtin\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1057\"\u003eactions/dependency-review-action#1057\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFeat: Add \u003ccode\u003ePatched Version\u003c/code\u003e to \u003ccode\u003eVulnerabilities\u003c/code\u003e summary by \u003ca href=\"https://github.com/felickz\"\u003e\u003ccode\u003e@​felickz\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1045\"\u003eactions/dependency-review-action#1045\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: only get scorecard levels if user wants to see the OpenSSF scorecard by \u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/stale from 10.1.0 to 10.2.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1058\"\u003eactions/dependency-review-action#1058\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 4 to 6 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1021\"\u003eactions/dependency-review-action#1021\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdates for release 4.9.0 by \u003ca href=\"https://github.com/ahpook\"\u003e\u003ccode\u003e@​ahpook\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1064\"\u003eactions/dependency-review-action#1064\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jantiebot\"\u003e\u003ccode\u003e@​jantiebot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/pull/1060\"\u003eactions/dependency-review-action#1060\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\"\u003ehttps://github.com/actions/dependency-review-action/compare/v4.8.3...v4.9.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003e\u003ccode\u003ea1d282b\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1098\"\u003e#1098\u003c/a\u003e from actions/ahpook/v5-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/eb6c199c5a85c7387f1f0b02b3ba5c6364740695\"\u003e\u003ccode\u003eeb6c199\u003c/code\u003e\u003c/a\u003e update examples to show \u003ca href=\"https://github.com/v5\"\u003e\u003ccode\u003e@​v5\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/3943c2c5beaaaf1806eb3758273c203dabcbf89c\"\u003e\u003ccode\u003e3943c2c\u003c/code\u003e\u003c/a\u003e v5.0.0 release branch\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/454943c880b147adbfe7de0cdd3ece1c00882033\"\u003e\u003ccode\u003e454943c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1094\"\u003e#1094\u003c/a\u003e from actions/ashelytc/security-findings\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/6d92a1228e9e9db334f02c09f84fe9217d2b4463\"\u003e\u003ccode\u003e6d92a12\u003c/code\u003e\u003c/a\u003e revert \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e update\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/a8e5a7e93695b41abf6d1083cd220bee39a720f0\"\u003e\u003ccode\u003ea8e5a7e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1076\"\u003e#1076\u003c/a\u003e from tspascoal/fix-version-matching-for-non-string-s...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/b6b7079031ef4ed61656c221988f1f3bcbf35101\"\u003e\u003ccode\u003eb6b7079\u003c/code\u003e\u003c/a\u003e update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e to 8.40.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/821a21dd691f162c4c5c2e9754a344accde9a208\"\u003e\u003ccode\u003e821a21d\u003c/code\u003e\u003c/a\u003e update more dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/05aaaae45cf4c420de012addf2a72e3435ddaa63\"\u003e\u003ccode\u003e05aaaae\u003c/code\u003e\u003c/a\u003e run npm audit fix\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/dependency-review-action/commit/55d3e754501fc13c84b95637ce51f135012d41ea\"\u003e\u003ccode\u003e55d3e75\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/dependency-review-action/issues/1077\"\u003e#1077\u003c/a\u003e from Marukome0743/docs/checkout\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...a1d282b36b6f3519aa1f3fc636f609c47dddb294\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-golangci-lint` from 2.8.0 to 2.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/releases\"\u003ereviewdog/action-golangci-lint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v2.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: update go download url by \u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.19.37 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/802\"\u003ereviewdog/action-golangci-lint#802\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.4.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/805\"\u003ereviewdog/action-golangci-lint#805\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​vercel/ncc\u003c/code\u003e to v0.38.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/812\"\u003ereviewdog/action-golangci-lint#812\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v4.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/813\"\u003ereviewdog/action-golangci-lint#813\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency eslint-plugin-import to v2.32.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/814\"\u003ereviewdog/action-golangci-lint#814\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/818\"\u003ereviewdog/action-golangci-lint#818\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency prettier to v3.8.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/819\"\u003ereviewdog/action-golangci-lint#819\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.9.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/820\"\u003ereviewdog/action-golangci-lint#820\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.32.6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/821\"\u003ereviewdog/action-golangci-lint#821\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-actionlint action to v1.71.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/822\"\u003ereviewdog/action-golangci-lint#822\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-eslint action to v1.34.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/823\"\u003ereviewdog/action-golangci-lint#823\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade Node.js runtime to v24 by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eMigrate to ES Modules with Rollup by \u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/825\"\u003ereviewdog/action-golangci-lint#825\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/checkout action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/827\"\u003ereviewdog/action-golangci-lint#827\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ebump eslint 10.0.3 by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/832\"\u003ereviewdog/action-golangci-lint#832\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eintroduce bundle script by \u003ca href=\"https://github.com/shogo82148\"\u003e\u003ccode\u003e@​shogo82148\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/835\"\u003ereviewdog/action-golangci-lint#835\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update node.js to v24.14.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/836\"\u003ereviewdog/action-golangci-lint#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v6 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/828\"\u003ereviewdog/action-golangci-lint#828\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/829\"\u003ereviewdog/action-golangci-lint#829\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/kurochan\"\u003e\u003ccode\u003e@​kurochan\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/817\"\u003ereviewdog/action-golangci-lint#817\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Copilot\"\u003e\u003ccode\u003e@​Copilot\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/824\"\u003ereviewdog/action-golangci-lint#824\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\"\u003ehttps://github.com/reviewdog/action-golangci-lint/compare/v2.9.0...v2.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.9.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate Go to v1.23 by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/783\"\u003ereviewdog/action-golangci-lint#783\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(config): migrate renovate config by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/784\"\u003ereviewdog/action-golangci-lint#784\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.13 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/781\"\u003ereviewdog/action-golangci-lint#781\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/semver\u003c/code\u003e to v7.7.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/786\"\u003ereviewdog/action-golangci-lint#786\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.28 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/787\"\u003ereviewdog/action-golangci-lint#787\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd CI to check golintci-lint config by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/790\"\u003ereviewdog/action-golangci-lint#790\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e.golangci.v1.yml: disable golint by \u003ca href=\"https://github.com/massongit\"\u003e\u003ccode\u003e@​massongit\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/791\"\u003ereviewdog/action-golangci-lint#791\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/792\"\u003ereviewdog/action-golangci-lint#792\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency ts-jest to v29.3.2 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/799\"\u003ereviewdog/action-golangci-lint#799\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update actions/setup-node action to v4.4.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/800\"\u003ereviewdog/action-golangci-lint#800\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.28.15 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/796\"\u003ereviewdog/action-golangci-lint#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency \u003ccode\u003e@​types/node\u003c/code\u003e to v20.17.30 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/793\"\u003ereviewdog/action-golangci-lint#793\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency typescript to v5.8.3 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/794\"\u003ereviewdog/action-golangci-lint#794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency js-yaml to v4.1.1 [security] by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/810\"\u003ereviewdog/action-golangci-lint#810\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update \u003ccode\u003e@​typescript-eslint/parser\u003c/code\u003e and eslint-plugin-jest (major) by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/727\"\u003ereviewdog/action-golangci-lint#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-bumpr action to v1.11.4 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/795\"\u003ereviewdog/action-golangci-lint#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update haya14busa/action-update-semver action to v1.5.1 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/797\"\u003ereviewdog/action-golangci-lint#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update github/codeql-action action to v3.31.8 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/pull/801\"\u003ereviewdog/action-golangci-lint#801\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003e\u003ccode\u003ec76ccea\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/829\"\u003e#829\u003c/a\u003e from reviewdog/renovate/github-codeql-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/6381f9840173f5bf1dd06c6c05ea4735db76f0be\"\u003e\u003ccode\u003e6381f98\u003c/code\u003e\u003c/a\u003e chore(deps): update github/codeql-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/89de6bb90b32be99e9910a2888948ed3dfe6af7d\"\u003e\u003ccode\u003e89de6bb\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/828\"\u003e#828\u003c/a\u003e from reviewdog/renovate/actions-setup-node-6.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/0c74698972d41c9418acf5e16e13e114ff2cad7f\"\u003e\u003ccode\u003e0c74698\u003c/code\u003e\u003c/a\u003e chore(deps): update actions/setup-node action to v6\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/d0c4e9d9525555e62a0d54cf67b89c96f00437a1\"\u003e\u003ccode\u003ed0c4e9d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/836\"\u003e#836\u003c/a\u003e from reviewdog/renovate/node-24.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/c2a63d69d1acbfa831c574899e630f70f29c445d\"\u003e\u003ccode\u003ec2a63d6\u003c/code\u003e\u003c/a\u003e chore(deps): update node.js to v24.14.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/3943b33a58d990d2bddbe92ad09d129a532ad6a0\"\u003e\u003ccode\u003e3943b33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-golangci-lint/issues/835\"\u003e#835\u003c/a\u003e from reviewdog/introduce-bundle-script\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/575ba3109bc3234b78d0520562beb2c4a40d62bb\"\u003e\u003ccode\u003e575ba31\u003c/code\u003e\u003c/a\u003e update dependencies\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/a69b2ade8c81d090c53095e9ba3f2efc838080f9\"\u003e\u003ccode\u003ea69b2ad\u003c/code\u003e\u003c/a\u003e bump lockfileVersion to 3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-golangci-lint/commit/2a19ff60992f354a2e04a69b10e22decd658eaf5\"\u003e\u003ccode\u003e2a19ff6\u003c/code\u003e\u003c/a\u003e install rimraf\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-golangci-lint/compare/f9bba13753278f6a73b27a56a3ffb1bfda90ed71...c76cceaaab89abe74e649d2e34c6c9adc26662d2\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-alex` from 1.16.0 to 1.16.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-alex/releases\"\u003ereviewdog/action-alex's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.16.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eREADME: Pin GitHub Actions with commit SHA using pinact by \u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/47\"\u003ereviewdog/action-alex#47\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): update reviewdog/action-shellcheck action to v1.30.0 by \u003ca href=\"https://github.com/renovate\"\u003e\u003ccode\u003e@​renovate\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/48\"\u003ereviewdog/action-alex#48\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: propagate exit code for fail_on_error support by \u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/vincent067\"\u003e\u003ccode\u003e@​vincent067\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/pull/59\"\u003ereviewdog/action-alex#59\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\"\u003ehttps://github.com/reviewdog/action-alex/compare/v1.16.0...v1.16.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003e\u003ccode\u003eb6673b5\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/59\"\u003e#59\u003c/a\u003e from vincent067/fix-fail-on-error-exit-code\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/117bd5855dea9fbf4f62bed06615f4fd01840569\"\u003e\u003ccode\u003e117bd58\u003c/code\u003e\u003c/a\u003e fix: propagate exit code to make fail_on_error work correctly\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/ee2bd61307cf0eb11f6ce460d58352e10bf4b8b7\"\u003e\u003ccode\u003eee2bd61\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/48\"\u003e#48\u003c/a\u003e from reviewdog/renovate/reviewdog-action-shellcheck-1.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/7b37af6b84908d4e7515e4bc81a94e83b435375d\"\u003e\u003ccode\u003e7b37af6\u003c/code\u003e\u003c/a\u003e chore(deps): update reviewdog/action-shellcheck action to v1.30.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/dd45e4f3127a4bb11c96a375adbdecdf27218d55\"\u003e\u003ccode\u003edd45e4f\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-alex/issues/47\"\u003e#47\u003c/a\u003e from reviewdog/pinact-readme-20250319-031733\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-alex/commit/0fa17b0d9543cae655526dc38be46d954d1d42a9\"\u003e\u003ccode\u003e0fa17b0\u003c/code\u003e\u003c/a\u003e README: Pin GitHub Actions with commit SHA using pinact\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/reviewdog/action-alex/compare/6083b8ca333981fa617c6828c5d8fb21b13d916b...b6673b547eeb6d430c87ef02dc3524bdf34e324d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `reviewdog/action-actionlint` from 1.71.0 to 1.72.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/reviewdog/action-actionlint/releases\"\u003ereviewdog/action-actionlint's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003eRelease v1.72.0\u003c/h2\u003e\n\u003cp\u003ev1.72.0: PR \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e - chore(deps): update actionlint to 1.7.12\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003e\u003ccode\u003e6fb7acc\u003c/code\u003e\u003c/a\u003e bump v1.72.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/b2a904a8c140063d06dc5319ba69a672d7a4909d\"\u003e\u003ccode\u003eb2a904a\u003c/code\u003e\u003c/a\u003e Merge branch 'main' into releases/v1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/5eaffa19a1991ecc52b11eddcdd57760d1ac7e3d\"\u003e\u003ccode\u003e5eaffa1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/196\"\u003e#196\u003c/a\u003e from reviewdog/depup/actionlint\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/39a67548aa7718c321746aa5a54a9e8034505cde\"\u003e\u003ccode\u003e39a6754\u003c/code\u003e\u003c/a\u003e chore(deps): update actionlint to 1.7.12\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/d39025c0fb1cc41ac827852403ea94804b0e6907\"\u003e\u003ccode\u003ed39025c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/195\"\u003e#195\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/2e8272d25ca2b89be8abc6a0b65c8c5e8a5eae05\"\u003e\u003ccode\u003e2e8272d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/194\"\u003e#194\u003c/a\u003e from reviewdog/renovate/docker-setup-qemu-action-4.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/128d9b7b1e43f8eaef5602138f5c9f80ee3c3149\"\u003e\u003ccode\u003e128d9b7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/190\"\u003e#190\u003c/a\u003e from reviewdog/renovate/shogo82148-actions-create-rel...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/1674e4f79a2bf9c94d1d301e60b8f8226eea0137\"\u003e\u003ccode\u003e1674e4f\u003c/code\u003e\u003c/a\u003e chore(deps): update docker/setup-buildx-action action to v4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/8fdb9d20764d93bca3a294fe7fd615fcf8a82332\"\u003e\u003ccode\u003e8fdb9d2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/189\"\u003e#189\u003c/a\u003e from reviewdog/renovate/docker-setup-buildx-action-3.x\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/reviewdog/action-actionlint/commit/a518ce8798c4eda875ca9e369388679ec67ac3ac\"\u003e\u003ccode\u003ea518ce8\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/reviewdog/action-actionlint/issues/188\"\u003e#188\u003c/a\u003e from reviewdog/renovate/peter-evans-create-pull-reque...\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/reviewdog/action-actionlint/compare/0d952c597ef8459f634d7145b0b044a9699e5e43...6fb7acc99f4a1008869fa8a0f09cfca740837d9d\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `mikepenz/release-changelog-builder-action` from 6.1.1 to 6.2.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/releases\"\u003emikepenz/release-changelog-builder-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.2.1\u003c/h2\u003e\n\u003ch2\u003e🐛 Fixes\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix: handle multi-line commit bodies in git log parsing\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: remove Renovate workflow\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eContributors:\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz\"\u003e\u003ccode\u003e@​mikepenz\u003c/code\u003e\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.2.0\u003c/h2\u003e\n\u003ch2\u003e💬 Other\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSecurity hardening: Renovate, SHA-pinned actions, least-privilege permissions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1536\"\u003e#1536\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003efix: use PR author for commit-dist job condition\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1541\"\u003e#1541\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e📦 Dependencies\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump actions/upload-artifact from 6 to 7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1523\"\u003e#1523\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump mikepenz/action-gh-release from 1 to 2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1529\"\u003e#1529\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1531\"\u003e#1531\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump the dev-dependencies group with 4 updates\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1532\"\u003e#1532\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump vitest from 4.0.18 to 4.1.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1533\"\u003e#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump https-proxy-agent from 7.0.6 to 8.0.0\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1534\"\u003e#1534\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1535\"\u003e#1535\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency glob to v11.1.0 [security]\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1537\"\u003e#1537\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): pin mikepenz/release-changelog-builder-action action to d7b8cec\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1539\"\u003e#1539\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update dependency undici to v7\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1540\"\u003e#1540\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: upgrade TypeScript to v6\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1543\"\u003e#1543\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore: pin all dependencies to exact versions\n\u003cul\u003e\n\u003cli\u003ePR: \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1544\"\u003e#1544\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003echore(deps): update mikepenz/release-changelog-builder-action digest to a77ddc5\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/bcae7115752d4ed746ff92feb666574428a79415\"\u003e\u003ccode\u003ebcae711\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1554\"\u003e#1554\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/5795a331a1896dc0d5df89bc33a6eb5f85ec3381\"\u003e\u003ccode\u003e5795a33\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1553\"\u003e#1553\u003c/a\u003e from mikepenz/fix/multiline-commit-body-parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/f5544cb178b60efb5ed9c2103aec3ae8d1347aab\"\u003e\u003ccode\u003ef5544cb\u003c/code\u003e\u003c/a\u003e fix: use git %x00/%x1f format placeholders instead of literal bytes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/7ebd13b3034b0e0464e3cc5cc63a215af1670fa3\"\u003e\u003ccode\u003e7ebd13b\u003c/code\u003e\u003c/a\u003e fix: use non-printable separators for robust git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/787f65d59db64ae02a78eadabe1caa8b270adc8d\"\u003e\u003ccode\u003e787f65d\u003c/code\u003e\u003c/a\u003e fix: handle multi-line commit bodies in git log parsing\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/1d37aec5da47494e13cc58a287454b75bc26d516\"\u003e\u003ccode\u003e1d37aec\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1551\"\u003e#1551\u003c/a\u003e from mikepenz/chore/remove-renovate-workflow\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/a8e74a6c873da1027f31c319e4a4cd2672fb6e5f\"\u003e\u003ccode\u003ea8e74a6\u003c/code\u003e\u003c/a\u003e chore: override vite to 8.0.5 to fix vulnerabilities\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/202a06fc65105d3872e2a97b05c4716008434838\"\u003e\u003ccode\u003e202a06f\u003c/code\u003e\u003c/a\u003e chore: remove Renovate workflow (using self-hosted app instead)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/2cb9befdbc05f65b8354cc9873cd506509bd0782\"\u003e\u003ccode\u003e2cb9bef\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1547\"\u003e#1547\u003c/a\u003e from mikepenz/develop\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/commit/0cc28988c351cc996275143ae3ea584dcc19d31d\"\u003e\u003ccode\u003e0cc2898\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/mikepenz/release-changelog-builder-action/issues/1546\"\u003e#1546\u003c/a\u003e from mikepenz/renovate/glob-13.x\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/mikepenz/release-changelog-builder-action/compare/a34a8009a9588bb86b02a873cf592440e96a5da8...bcae7115752d4ed746ff92feb666574428a79415\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2.5.0 to 3.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNod...\n\n_Description has been truncated_","html_url":"https://github.com/bendoerr-terraform-modules/terraform-aws-tfuser/pull/149","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/bendoerr-terraform-modules%2Fterraform-aws-tfuser/issues/149","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/149/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-11T18:51:43.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4423439873","node_id":"PR_kwDORoHcRs7aYbPu","number":205,"state":"closed","title":"chore(deps): bump the github-actions group across 1 directory with 12 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-23T08:58:08.000Z","author_association":null,"state_reason":null,"created_at":"2026-05-11T18:51:43.000Z","updated_at":"2026-05-23T08:58:09.000Z","time_to_close":1001185,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"github-actions","update_count":12,"packages":[{"name":"actions/checkout","old_version":"4.3.1","new_version":"6.0.2","repository_url":"https://github.com/actions/checkout"},{"name":"docker/setup-buildx-action","old_version":"3.12.0","new_version":"4.0.0","repository_url":"https://github.com/docker/setup-buildx-action"},{"name":"docker/login-action","old_version":"3.7.0","new_version":"4.1.0","repository_url":"https://github.com/docker/login-action"},{"name":"docker/build-push-action","old_version":"6.19.2","new_version":"7.2.0","repository_url":"https://github.com/docker/build-push-action"},{"name":"actions/attest-build-provenance","old_version":"2.4.0","new_version":"4.1.0","repository_url":"https://github.com/actions/attest-build-provenance"},{"name":"sigstore/cosign-installer","old_version":"3.7.0","new_version":"4.1.2","repository_url":"https://github.com/sigstore/cosign-installer"},{"name":"actions/upload-artifact","old_version":"4.6.2","new_version":"7.0.1","repository_url":"https://github.com/actions/upload-artifact"},{"name":"actions/download-artifact","old_version":"4.3.0","new_version":"8.0.1","repository_url":"https://github.com/actions/download-artifact"},{"name":"actions/setup-go","old_version":"5.6.0","new_version":"6.4.0","repository_url":"https://github.com/actions/setup-go"},{"name":"github/codeql-action","old_version":"3.35.2","new_version":"4.35.5","repository_url":"https://github.com/github/codeql-action"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"actions/dependency-review-action","old_version":"4.9.0","new_version":"5.0.0","repository_url":"https://github.com/actions/dependency-review-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the github-actions group with 12 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |\n| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` |\n| [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` |\n| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.2.0` |\n| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `4.1.0` |\n| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.7.0` | `4.1.2` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` |\n| [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.35.2` | `4.35.5` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |\n\n\nUpdates `actions/checkout` from 4.3.1 to 6.0.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2355\"\u003eactions/checkout#2355\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6.0.1...v6.0.2\"\u003ehttps://github.com/actions/checkout/compare/v6.0.1...v6.0.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate all references from v5 and v4 to v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2314\"\u003eactions/checkout#2314\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eClarify v6 README by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2328\"\u003eactions/checkout#2328\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v6...v6.0.1\"\u003ehttps://github.com/actions/checkout/compare/v6...v6.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePrepare v5.0.0 release by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2238\"\u003eactions/checkout#2238\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e⚠️ Minimum Compatible Runner Version\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003ev2.327.1\u003c/strong\u003e\u003cbr /\u003e\n\u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eRelease Notes\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/blob/main/CHANGELOG.md\"\u003eactions/checkout's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003ch2\u003ev6.0.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix tag handling: preserve annotations and explicit fetch-tags by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2356\"\u003eactions/checkout#2356\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd worktree support for persist-credentials includeIf by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2327\"\u003eactions/checkout#2327\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate actions checkout to use node 24 by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2226\"\u003eactions/checkout#2226\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v4 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2305\"\u003eactions/checkout#2305\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003edocs: update README.md by \u003ca href=\"https://github.com/motss\"\u003e\u003ccode\u003e@​motss\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1971\"\u003eactions/checkout#1971\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd internal repos for checking out multiple repositories by \u003ca href=\"https://github.com/mouismail\"\u003e\u003ccode\u003e@​mouismail\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1977\"\u003eactions/checkout#1977\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDocumentation update - add recommended permissions to Readme by \u003ca href=\"https://github.com/benwells\"\u003e\u003ccode\u003e@​benwells\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2043\"\u003eactions/checkout#2043\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdjust positioning of user email note and permissions heading by \u003ca href=\"https://github.com/joshmgross\"\u003e\u003ccode\u003e@​joshmgross\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2044\"\u003eactions/checkout#2044\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2194\"\u003eactions/checkout#2194\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate CODEOWNERS for actions by \u003ca href=\"https://github.com/TingluoHuang\"\u003e\u003ccode\u003e@​TingluoHuang\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2224\"\u003eactions/checkout#2224\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate package dependencies by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2236\"\u003eactions/checkout#2236\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ccode\u003eurl-helper.ts\u003c/code\u003e now leverages well-known environment variables by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1941\"\u003eactions/checkout#1941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eExpand unit test coverage for \u003ccode\u003eisGhes\u003c/code\u003e by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1946\"\u003eactions/checkout#1946\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.1\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck out other refs/* by commit if provided, fall back to ref by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1924\"\u003eactions/checkout#1924\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd Ref and Commit outputs by \u003ca href=\"https://github.com/lucacome\"\u003e\u003ccode\u003e@​lucacome\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1180\"\u003eactions/checkout#1180\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDependency updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e- \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1777\"\u003eactions/checkout#1777\u003c/a\u003e, \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1872\"\u003eactions/checkout#1872\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.7\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump the minor-npm-dependencies group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1739\"\u003eactions/checkout#1739\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump actions/checkout from 3 to 4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1697\"\u003eactions/checkout#1697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eCheck out other refs/* by commit by \u003ca href=\"https://github.com/orhantoy\"\u003e\u003ccode\u003e@​orhantoy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1774\"\u003eactions/checkout#1774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePin actions/checkout's own workflows to a known, good, stable version. by \u003ca href=\"https://github.com/jww3\"\u003e\u003ccode\u003e@​jww3\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1776\"\u003eactions/checkout#1776\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.6\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eCheck platform to set archive extension appropriately by \u003ca href=\"https://github.com/cory-miller\"\u003e\u003ccode\u003e@​cory-miller\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/1732\"\u003eactions/checkout#1732\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8\"\u003e\u003ccode\u003e08c6903\u003c/code\u003e\u003c/a\u003e Prepare v5.0.0 release (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2238\"\u003e#2238\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/checkout/compare/34e114876b0b11c390a56381ad16ebd13914f8d5...de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/setup-buildx-action` from 3.12.0 to 4.0.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/setup-buildx-action/releases\"\u003edocker/setup-buildx-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/483\"\u003edocker/setup-buildx-action#483\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated inputs/outputs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/464\"\u003edocker/setup-buildx-action#464\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/481\"\u003edocker/setup-buildx-action#481\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/475\"\u003edocker/setup-buildx-action#475\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/482\"\u003edocker/setup-buildx-action#482\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/485\"\u003edocker/setup-buildx-action#485\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/452\"\u003edocker/setup-buildx-action#452\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.21 to 4.17.23 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/472\"\u003edocker/setup-buildx-action#472\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/pull/480\"\u003edocker/setup-buildx-action#480\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\"\u003ehttps://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003e\u003ccode\u003e4d04d5d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/485\"\u003e#485\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/cd74e05d9bae4eeec789f90ba15dc6fb4b60ae5d\"\u003e\u003ccode\u003ecd74e05\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/eee38ec7b3ed034ee896d3e212e5d11c04562b84\"\u003e\u003ccode\u003eeee38ec\u003c/code\u003e\u003c/a\u003e build(deps): bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.79.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/7a83f65b5a215b3c81b210dafdc20362bd2b4e24\"\u003e\u003ccode\u003e7a83f65\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/484\"\u003e#484\u003c/a\u003e from docker/dependabot/github_actions/docker/setup-qe...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a5aa96747d67f62520b42af91aeb306e7374b327\"\u003e\u003ccode\u003ea5aa967\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/464\"\u003e#464\u003c/a\u003e from crazy-max/rm-deprecated\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/e73d53fa4ed86ff46faaf2b13a228d6e93c51af3\"\u003e\u003ccode\u003ee73d53f\u003c/code\u003e\u003c/a\u003e build(deps): bump docker/setup-qemu-action from 3 to 4\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/28a438e9ed9ef7ae2ebd0bf839039005c9501312\"\u003e\u003ccode\u003e28a438e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/setup-buildx-action/issues/483\"\u003e#483\u003c/a\u003e from crazy-max/node24\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/034e9d37dd436b56b0167bea5a11ab731413e8cf\"\u003e\u003ccode\u003e034e9d3\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/b4664d8fd0ba15ff14560ab001737c666076d5be\"\u003e\u003ccode\u003eb4664d8\u003c/code\u003e\u003c/a\u003e remove deprecated inputs/outputs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/setup-buildx-action/commit/a8257dec35f244ad06b4ff6c90fdd2ba97f262ba\"\u003e\u003ccode\u003ea8257de\u003c/code\u003e\u003c/a\u003e node 24 as default runtime\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/login-action` from 3.7.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/login-action/releases\"\u003edocker/login-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix scoped Docker Hub cleanup path when registry is omitted by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/945\"\u003edocker/login-action#945\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e and \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e to 3.1020.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/930\"\u003edocker/login-action#930\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.77.0 to 0.86.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/932\"\u003edocker/login-action#932\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/936\"\u003edocker/login-action#936\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/952\"\u003edocker/login-action#952\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.3.4 to 5.3.6 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/942\"\u003edocker/login-action#942\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/944\"\u003edocker/login-action#944\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/940\"\u003edocker/login-action#940\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/949\"\u003edocker/login-action#949\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump http-proxy-agent and https-proxy-agent to 8.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/937\"\u003edocker/login-action#937\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/958\"\u003edocker/login-action#958\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/941\"\u003edocker/login-action#941\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/948\"\u003edocker/login-action#948\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/938\"\u003edocker/login-action#938\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/docker/login-action/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/929\"\u003edocker/login-action#929\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/927\"\u003edocker/login-action#927\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/919\"\u003edocker/login-action#919\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​aws-sdk/client-ecr-public\u003c/code\u003e from 3.890.0 to 3.1000.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/909\"\u003edocker/login-action#909\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/920\"\u003edocker/login-action#920\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.63.0 to 0.77.0 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/910\"\u003edocker/login-action#910\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/login-action/pull/928\"\u003edocker/login-action#928\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​isaacs/brace-expansion\u003c/code\u003e from 5.0.0 to 5.0.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/921\"\u003edocker/login-action#921\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 4.1.0 to 4.1.1 in \u003ca href=\"https://redirect.github.com/docker/login-action/pull/901\"\u003edocker/login-action#901\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/login-action/compare/v3.7.0...v4.0.0\"\u003ehttps://github.com/docker/login-action/compare/v3.7.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003e\u003ccode\u003e4907a6d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/930\"\u003e#930\u003c/a\u003e from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636\"\u003e\u003ccode\u003e1e233e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb\"\u003e\u003ccode\u003e6c24ead\u003c/code\u003e\u003c/a\u003e build(deps): bump the aws-sdk-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6\"\u003e\u003ccode\u003eee034d7\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/958\"\u003e#958\u003c/a\u003e from docker/dependabot/npm_and_yarn/lodash-4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb\"\u003e\u003ccode\u003e1527209\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/937\"\u003e#937\u003c/a\u003e from docker/dependabot/npm_and_yarn/proxy-agent-depen...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b\"\u003e\u003ccode\u003ed39362a\u003c/code\u003e\u003c/a\u003e build(deps): bump lodash from 4.17.23 to 4.18.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce\"\u003e\u003ccode\u003ea6f092b\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779\"\u003e\u003ccode\u003e60953f0\u003c/code\u003e\u003c/a\u003e build(deps): bump the proxy-agent-dependencies group with 2 updates\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340\"\u003e\u003ccode\u003e62c6885\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/login-action/issues/936\"\u003e#936\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-to...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a\"\u003e\u003ccode\u003e102c0e6\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...4907a6ddec9925e35a0a9e82d7399ccc52663121\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `docker/build-push-action` from 6.19.2 to 7.2.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/docker/build-push-action/releases\"\u003edocker/build-push-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.2.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1525\"\u003edocker/build-push-action#1525\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1517\"\u003edocker/build-push-action#1517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 2.0.2 to 5.0.6 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1534\"\u003edocker/build-push-action#1534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-builder from 1.1.4 to 1.2.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1529\"\u003edocker/build-push-action#1529\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.5.7 to 5.8.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1521\"\u003edocker/build-push-action#1521\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump postcss from 8.5.6 to 8.5.10 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1526\"\u003edocker/build-push-action#1526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 6.2.1 to 7.5.15 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1533\"\u003edocker/build-push-action#1533\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.1.0...v7.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.1.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eGit context \u003ca href=\"https://docs.docker.com/build/concepts/context/#url-queries\"\u003equery format\u003c/a\u003e support by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.79.0 to 0.87.0 by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1505\"\u003edocker/build-push-action#1505\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump brace-expansion from 1.1.12 to 1.1.13 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1500\"\u003edocker/build-push-action#1500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump fast-xml-parser from 5.4.2 to 5.5.7 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1489\"\u003edocker/build-push-action#1489\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump flatted from 3.3.3 to 3.4.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1491\"\u003edocker/build-push-action#1491\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.3.12 to 10.5.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1490\"\u003edocker/build-push-action#1490\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump handlebars from 4.7.8 to 4.7.9 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1497\"\u003edocker/build-push-action#1497\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump lodash from 4.17.23 to 4.18.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1510\"\u003edocker/build-push-action#1510\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump picomatch from 4.0.3 to 4.0.4 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1496\"\u003edocker/build-push-action#1496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump undici from 6.23.0 to 6.24.1 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1486\"\u003edocker/build-push-action#1486\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump vite from 7.3.1 to 7.3.2 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1509\"\u003edocker/build-push-action#1509\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\"\u003ehttps://github.com/docker/build-push-action/compare/v7.0.0...v7.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eNode 24 as default runtime (requires \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.327.1\"\u003eActions Runner v2.327.1\u003c/a\u003e or later) by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1470\"\u003edocker/build-push-action#1470\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove deprecated \u003ccode\u003eDOCKER_BUILD_NO_SUMMARY\u003c/code\u003e and \u003ccode\u003eDOCKER_BUILD_EXPORT_RETENTION_DAYS\u003c/code\u003e envs by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1473\"\u003edocker/build-push-action#1473\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eRemove legacy export-build tool support for build summary by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1474\"\u003edocker/build-push-action#1474\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSwitch to ESM and update config/test wiring by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1466\"\u003edocker/build-push-action#1466\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 3.0.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1454\"\u003edocker/build-push-action#1454\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.62.1 to 0.79.0 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1453\"\u003edocker/build-push-action#1453\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1472\"\u003edocker/build-push-action#1472\u003c/a\u003e \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1479\"\u003edocker/build-push-action#1479\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump minimatch from 3.1.2 to 3.1.5 in \u003ca href=\"https://redirect.github.com/docker/build-push-action/pull/1463\"\u003edocker/build-push-action#1463\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\"\u003ehttps://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003e\u003ccode\u003ef9f3042\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1517\"\u003e#1517\u003c/a\u003e from docker/dependabot/npm_and_yarn/docker/actions-t...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/812d5fd9212a4c5d419e5be02fd8e9bb435c5d76\"\u003e\u003ccode\u003e812d5fd\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/b6f66930769f2917a3275dc4d81f15583ac7e105\"\u003e\u003ccode\u003eb6f6693\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​docker/actions-toolkit\u003c/code\u003e from 0.87.0 to 0.90.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/c1c626eced73a500ec65c4256c620b3b9e8278c0\"\u003e\u003ccode\u003ec1c626e\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1525\"\u003e#1525\u003c/a\u003e from docker/dependabot/npm_and_yarn/actions/core-3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/51bb284cd4d05650aa6f5e4e22cb96d2cbfe62b7\"\u003e\u003ccode\u003e51bb284\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/5f7884def8f133e8ef40c53d003d1471c05621c6\"\u003e\u003ccode\u003e5f7884d\u003c/code\u003e\u003c/a\u003e chore(deps): Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 3.0.0 to 3.0.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/e01deff7d956c756a20f3e19ff7ddc0e4a50fc1d\"\u003e\u003ccode\u003ee01deff\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1521\"\u003e#1521\u003c/a\u003e from docker/dependabot/npm_and_yarn/fast-xml-parser-...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/3804d497934b39bd591ee9d1c6c9e593b4488a67\"\u003e\u003ccode\u003e3804d49\u003c/code\u003e\u003c/a\u003e chore: update generated content\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/71e8947aac5dad23ce83a43e9c98f750e02de2f3\"\u003e\u003ccode\u003e71e8947\u003c/code\u003e\u003c/a\u003e chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/docker/build-push-action/commit/4925ad24cdbc42ff492d76cf9fe7a30b79976b60\"\u003e\u003ccode\u003e4925ad2\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/docker/build-push-action/issues/1526\"\u003e#1526\u003c/a\u003e from docker/dependabot/npm_and_yarn/postcss-8.5.10\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/docker/build-push-action/compare/10e90e3645eae34f1e60eeb005ba3a3d33f178e8...f9f3042f7e2789586610d6e8b85c8f03e5195baf\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/attest-build-provenance` from 2.4.0 to 4.1.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/attest-build-provenance/releases\"\u003eactions/attest-build-provenance's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate RELEASE.md docs by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/836\"\u003eactions/attest-build-provenance#836\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003eactions/attest\u003c/code\u003e from 4.0.0 to 4.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/838\"\u003eactions/attest-build-provenance#838\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.0.0 to 3.1.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/362\"\u003eactions/attest#362\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/attest\u003c/code\u003e from 3.1.0 to 3.2.0 by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/365\"\u003eactions/attest#365\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd new \u003ccode\u003esubject-version\u003c/code\u003e input for inclusion in storage record by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/364\"\u003eactions/attest#364\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd storage record content to README by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest/pull/366\"\u003eactions/attest#366\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!NOTE]\nAs of version 4, \u003ccode\u003eactions/attest-build-provenance\u003c/code\u003e is simply a wrapper on top of \u003ca href=\"https://github.com/actions/attest\"\u003e\u003ccode\u003eactions/attest\u003c/code\u003e\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eExisting applications may continue to use the \u003ccode\u003eattest-build-provenance\u003c/code\u003e action, but new implementations should use \u003ccode\u003eactions/attest\u003c/code\u003e instead.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v4 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/835\"\u003eactions/attest-build-provenance#835\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.2.0...v4.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.2.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/core\u003c/code\u003e from 1.11.1 to 2.0.1 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/776\"\u003eactions/attest-build-provenance#776\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd more documentation on Artifact Metadata Storage Records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/797\"\u003eactions/attest-build-provenance#797\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate actions/attest to latest version v3.2.0 by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/812\"\u003eactions/attest-build-provenance#812\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\"\u003ehttps://github.com/actions/attest-build-provenance/compare/v3.1.0...v3.2.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrepare v3 release by \u003ca href=\"https://github.com/bdehamer\"\u003e\u003ccode\u003e@​bdehamer\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/697\"\u003eactions/attest-build-provenance#697\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump js-yaml from 3.14.1 to 3.14.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/749\"\u003eactions/attest-build-provenance#749\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump tar from 7.5.1 to 7.5.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/753\"\u003eactions/attest-build-provenance#753\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump glob from 10.4.5 to 10.5.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/754\"\u003eactions/attest-build-provenance#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​types/node\u003c/code\u003e from 24.10.1 to 25.0.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/774\"\u003eactions/attest-build-provenance#774\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 1.6.0 to 2.0.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/736\"\u003eactions/attest-build-provenance#736\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@​actions/attest\u003c/code\u003e from 2.0.0 to 2.1.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/775\"\u003eactions/attest-build-provenance#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd support for creating artifact metadata storage records by \u003ca href=\"https://github.com/malancas\"\u003e\u003ccode\u003e@​malancas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/pull/779\"\u003eactions/attest-build-provenance#779\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003e\u003ccode\u003ea2bbfa2\u003c/code\u003e\u003c/a\u003e bump actions/attest from 4.0.0 to 4.1.0 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/838\"\u003e#838\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/0856891a35570e4ac506b510f0358a4308f82385\"\u003e\u003ccode\u003e0856891\u003c/code\u003e\u003c/a\u003e update RELEASE.md docs (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/836\"\u003e#836\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/e4d4f7c39adfa4c260fb5c147f0622000aa14b99\"\u003e\u003ccode\u003ee4d4f7c\u003c/code\u003e\u003c/a\u003e prepare v4 release (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/835\"\u003e#835\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/02a49bdc410a809733602220c6f6275925d6b578\"\u003e\u003ccode\u003e02a49bd\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/824\"\u003e#824\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/7c757df4145fcd233331998e58b20b422c833a00\"\u003e\u003ccode\u003e7c757df\u003c/code\u003e\u003c/a\u003e Bump the npm-development group with 2 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/825\"\u003e#825\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/c44148e5bf178192efd8947e07a0d439a356c60b\"\u003e\u003ccode\u003ec44148e\u003c/code\u003e\u003c/a\u003e Bump github/codeql-action in the actions-minor group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/818\"\u003e#818\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/32343527f2ec94583cf7b31280de0f60dc9f0bf9\"\u003e\u003ccode\u003e3234352\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​types/node\u003c/code\u003e from 25.0.10 to 25.2.0 in the npm-development group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/819\"\u003e#819\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/18db12979d4cecda10c1cf295bcb159f3e59866d\"\u003e\u003ccode\u003e18db129\u003c/code\u003e\u003c/a\u003e Bump tar from 7.5.6 to 7.5.7 (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/816\"\u003e#816\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/90fadfae6ba2e2ef59f8d38e61ec3cf16443a18e\"\u003e\u003ccode\u003e90fadfa\u003c/code\u003e\u003c/a\u003e Bump \u003ccode\u003e@​actions/core\u003c/code\u003e from 2.0.1 to 2.0.2 in the npm-production group (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/799\"\u003e#799\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/attest-build-provenance/commit/57db8ba356515a4c8608990f2aa27a6972235ccc\"\u003e\u003ccode\u003e57db8ba\u003c/code\u003e\u003c/a\u003e Bump the npm-development group across 1 directory with 3 updates (\u003ca href=\"https://redirect.github.com/actions/attest-build-provenance/issues/808\"\u003e#808\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/attest-build-provenance/compare/e8998f949152b193b063cb0ec769d69d929409be...a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `sigstore/cosign-installer` from 3.7.0 to 4.1.2\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/sigstore/cosign-installer/releases\"\u003esigstore/cosign-installer's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.1.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.6 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/232\"\u003esigstore/cosign-installer#232\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.1.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003echore: update default cosign-release to v3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/223\"\u003esigstore/cosign-installer#223\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.1.0...v4.1.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.1.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eWe recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing \u003ccode\u003ewith: cosign-release\u003c/code\u003e and strongly discourage using \u003ccode\u003ecosign-release\u003c/code\u003e unless you have a specific reason to use an older version of Cosign.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump cosign to 3.0.5 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/220\"\u003esigstore/cosign-installer#220\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: add retry to curl downloads for transient network failures in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/210\"\u003esigstore/cosign-installer#210\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev4.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e You must upgrade to cosign-installer v4 if you want to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3+\u003c/a\u003e. You may still install Cosign v2.x with cosign-installer v4.\u003c/p\u003e\n\u003cp\u003eIn version v3+, using \u003ccode\u003ecosign sign-blob\u003c/code\u003e requires adding the \u003ccode\u003e--bundle\u003c/code\u003e flag which may require you to update your signing command.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eAdd support for Cosign v3 releases (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/201\"\u003e#201\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed?\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e cosign-installer v3.x cannot be used to install \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3.x\u003c/a\u003e. You must upgrade to cosign-installer v4 in order to use Cosign v3.\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eNote:\u003c/strong\u003e This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to \u003ca href=\"https://blog.sigstore.dev/cosign-3-0-available/\"\u003eCosign v3\u003c/a\u003e.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.1 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/203\"\u003e#203\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev3.10.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump default Cosign to v2.6.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/200\"\u003esigstore/cosign-installer#200\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\"\u003ehttps://github.com/sigstore/cosign-installer/compare/v3.9.2...v3.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev3.9.2\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003enot fail fast and setup permissions in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/195\"\u003esigstore/cosign-installer#195\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edrop old unsupported versions \u0026lt;v2.0.0 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/192\"\u003esigstore/cosign-installer#192\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default to v2.5.3 in \u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/pull/196\"\u003esigstore/cosign-installer#196\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003e\u003ccode\u003e6f9f177\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.6 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/232\"\u003e#232\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/b5e753ae2d39589c7b38850b463739151fc67f07\"\u003e\u003ccode\u003eb5e753a\u003c/code\u003e\u003c/a\u003e Bump actions/github-script from 8.0.0 to 9.0.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/230\"\u003e#230\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/115e4ce455e573aa6e9ba51e8d040ddd5c1378af\"\u003e\u003ccode\u003e115e4ce\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.3.0 to 6.4.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/226\"\u003e#226\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003\"\u003e\u003ccode\u003ecad07c2\u003c/code\u003e\u003c/a\u003e chore: update default cosign-release to v3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/223\"\u003e#223\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/ba7bc0a3fef59531c69a25acd34668d6d3fe6f22\"\u003e\u003ccode\u003eba7bc0a\u003c/code\u003e\u003c/a\u003e fix: add retry to curl downloads for transient network failures (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/210\"\u003e#210\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/5a292e1504fdf08d68831aa1d265e92aee5701f9\"\u003e\u003ccode\u003e5a292e1\u003c/code\u003e\u003c/a\u003e Bump cosign to 3.0.5 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/220\"\u003e#220\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/351ea76151ae2dbbf52374c9dd639f4981de944f\"\u003e\u003ccode\u003e351ea76\u003c/code\u003e\u003c/a\u003e Bump actions/checkout from 6.0.1 to 6.0.2 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/217\"\u003e#217\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/c17565ff322a3403de48978f18d9ee0cfa7c2cd5\"\u003e\u003ccode\u003ec17565f\u003c/code\u003e\u003c/a\u003e test with go 1.26 too (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/221\"\u003e#221\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/a6fdd19182ff7fb86ae39a9329ba29eb602cbabb\"\u003e\u003ccode\u003ea6fdd19\u003c/code\u003e\u003c/a\u003e Bump actions/setup-go from 6.1.0 to 6.3.0 (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/218\"\u003e#218\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/sigstore/cosign-installer/commit/430b6a704fe0c92f1b1261d84376a900f38d90ff\"\u003e\u003ccode\u003e430b6a7\u003c/code\u003e\u003c/a\u003e docs: fix registry from gcr.io to ghcr.io (\u003ca href=\"https://redirect.github.com/sigstore/cosign-installer/issues/213\"\u003e#213\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/sigstore/cosign-installer/compare/dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da...6f9f17788090df1f26f669e9d70d6ae9567deba6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4.6.2 to 7.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the readme with direct upload details by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/795\"\u003eactions/upload-artifact#795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: bump all the example versions to v7 by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/796\"\u003eactions/upload-artifact#796\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eInclude changes in typespec/ts-http-runtime 0.3.5 by \u003ca href=\"https://github.com/yacaovsnc\"\u003e\u003ccode\u003e@​yacaovsnc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/797\"\u003eactions/upload-artifact#797\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v7...v7.0.1\"\u003ehttps://github.com/actions/upload-artifact/compare/v7...v7.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/download-artifact` from 4.3.0 to 8.0.1\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/download-artifact/releases\"\u003eactions/download-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev8.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eSupport for CJK characters in the artifact name by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/471\"\u003eactions/download-artifact#471\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a regression test for artifact name + content-type mismatches by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/472\"\u003eactions/download-artifact#472\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v8...v8.0.1\"\u003ehttps://github.com/actions/download-artifact/compare/v8...v8.0.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev8.0.0\u003c/h2\u003e\n\u003ch2\u003ev8 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nHash mismatches will now error by default. Users can override this behavior with a setting change (see below).\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eDirect downloads\u003c/h3\u003e\n\u003cp\u003eTo support direct uploads in \u003ccode\u003eactions/upload-artifact\u003c/code\u003e, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the \u003ccode\u003eContent-Type\u003c/code\u003e header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new \u003ccode\u003eskip-decompress\u003c/code\u003e parameter to \u003ccode\u003etrue\u003c/code\u003e.\u003c/p\u003e\n\u003ch3\u003eEnforced checks (breaking)\u003c/h3\u003e\n\u003cp\u003eA previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the \u003ccode\u003edigest-mismatch\u003c/code\u003e parameter. To be secure by default, we are now defaulting the behavior to \u003ccode\u003eerror\u003c/code\u003e which will fail the workflow run.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the @actions/* packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDon't attempt to un-zip non-zipped downloads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/460\"\u003eactions/download-artifact#460\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eAdd a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/461\"\u003eactions/download-artifact#461\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/download-artifact/compare/v7...v8.0.0\"\u003ehttps://github.com/actions/download-artifact/compare/v7...v8.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/download-artifact@v7 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/440\"\u003eactions/download-artifact#440\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eDownload Artifact Node24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/415\"\u003eactions/download-artifact#415\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e to fix Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/451\"\u003eactions/download-artifact#451\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v7.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/download-artifact/pull/452\"\u003eactions/download-artifact#452\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003e\u003ccode\u003e3e5f45b\u003c/code\u003e\u003c/a\u003e Add regression tests for CJK characters (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/471\"\u003e#471\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/e6d03f67377d4412c7aa56a8e2e4988e6ec479dd\"\u003e\u003ccode\u003ee6d03f6\u003c/code\u003e\u003c/a\u003e Add a regression test for artifact name + content-type mismatches (\u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/472\"\u003e#472\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3\"\u003e\u003ccode\u003e70fc10c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/461\"\u003e#461\u003c/a\u003e from actions/danwkennedy/digest-mismatch-behavior\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/f258da9a506b755b84a09a531814700b86ccfc62\"\u003e\u003ccode\u003ef258da9\u003c/code\u003e\u003c/a\u003e Add change docs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ccc058e5fbb0bb2352213eaec3491e117cbc4a5c\"\u003e\u003ccode\u003eccc058e\u003c/code\u003e\u003c/a\u003e Fix linting issues\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/bd7976ba57ecea96e6f3df575eb922d11a12a9fd\"\u003e\u003ccode\u003ebd7976b\u003c/code\u003e\u003c/a\u003e Add a setting to specify what to do on hash mismatch and default it to \u003ccode\u003eerror\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/ac21fcf45e0aaee541c0f7030558bdad38d77d6c\"\u003e\u003ccode\u003eac21fcf\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/download-artifact/issues/460\"\u003e#460\u003c/a\u003e from actions/danwkennedy/download-no-unzip\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/15999bff51058bc7c19b50ebbba518eaef7c26c0\"\u003e\u003ccode\u003e15999bf\u003c/code\u003e\u003c/a\u003e Add note about package bumps\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/974686ed5098c7f9c9289ec946b9058e496a2561\"\u003e\u003ccode\u003e974686e\u003c/code\u003e\u003c/a\u003e Bump the version to \u003ccode\u003ev8\u003c/code\u003e and add release notes\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/download-artifact/commit/fbe48b1d2756394be4cd4358ed3bc1343b330e75\"\u003e\u003ccode\u003efbe48b1\u003c/code\u003e\u003c/a\u003e Update test names to make it clearer what they do\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/setup-go` from 5.6.0 to 6.4.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/setup-go/releases\"\u003eactions/setup-go's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eEnhancement\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eAdd go-download-base-url input for custom Go distributions by \u003ca h...\n\n_Description has been truncated_","html_url":"https://github.com/leduytuanvu/avf-vending-api/pull/205","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/leduytuanvu%2Favf-vending-api/issues/205","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/205/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-11T04:50:10.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4418146356","node_id":"PR_kwDOR_Kslc7aHGQf","number":122,"state":"open","title":"chore(ci)(deps): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-11T04:50:10.000Z","updated_at":"2026-05-11T04:50:10.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)(deps)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/DFXswiss/dfx-wallet/pull/122","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/DFXswiss%2Fdfx-wallet/issues/122","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/122/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-05-03T18:01:29.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4372553517","node_id":"PR_kwDOR4I6r87XznJw","number":1,"state":"open","title":"chore(deps): bump the all group with 6 updates","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-05-03T18:01:29.000Z","updated_at":"2026-05-03T18:01:30.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(deps): bump","group_name":"all","update_count":6,"packages":[{"name":"actions/checkout","old_version":"5","new_version":"6","repository_url":"https://github.com/actions/checkout"},{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"},{"name":"goreleaser/goreleaser-action","old_version":"6","new_version":"7","repository_url":"https://github.com/goreleaser/goreleaser-action"},{"name":"actions/upload-artifact","old_version":"4","new_version":"7","repository_url":"https://github.com/actions/upload-artifact"},{"name":"softprops/action-gh-release","old_version":"2","new_version":"3","repository_url":"https://github.com/softprops/action-gh-release"},{"name":"github/codeql-action","old_version":"4.35.1","new_version":"4.35.3","repository_url":"https://github.com/github/codeql-action"}],"path":null,"ecosystem":"actions"},"body":"Bumps the all group with 6 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `5` | `6` |\n| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) | `0.9.0` | `0.10.0` |\n| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6` | `7` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |\n| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.35.3` |\n\nUpdates `actions/checkout` from 5 to 6\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/checkout/releases\"\u003eactions/checkout's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README to include Node.js 24 support details and requirements by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2248\"\u003eactions/checkout#2248\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePersist creds to a separate file by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2286\"\u003eactions/checkout#2286\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ev6-beta by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2298\"\u003eactions/checkout#2298\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eupdate readme/changelog for v6 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2311\"\u003eactions/checkout#2311\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/checkout/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6-beta\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eUpdated persist-credentials to store the credentials under \u003ccode\u003e$RUNNER_TEMP\u003c/code\u003e instead of directly in the local git config.\u003c/p\u003e\n\u003cp\u003eThis requires a minimum Actions Runner version of \u003ca href=\"https://github.com/actions/runner/releases/tag/v2.329.0\"\u003ev2.329.0\u003c/a\u003e to access the persisted credentials for \u003ca href=\"https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action\"\u003eDocker container action\u003c/a\u003e scenarios.\u003c/p\u003e\n\u003ch2\u003ev5.0.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePort v6 cleanup to v5 by \u003ca href=\"https://github.com/ericsciple\"\u003e\u003ccode\u003e@​ericsciple\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/checkout/pull/2301\"\u003eactions/checkout#2301\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/checkout/compare/v5...v5.0.1\"\u003ehttps://github.com/actions/checkout/compare/v5...v5.0.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/de0fac2e4500dabe0009e67214ff5f5447ce83dd\"\u003e\u003ccode\u003ede0fac2\u003c/code\u003e\u003c/a\u003e Fix tag handling: preserve annotations and explicit fetch-tags (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2356\"\u003e#2356\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/064fe7f3312418007dea2b49a19844a9ee378f49\"\u003e\u003ccode\u003e064fe7f\u003c/code\u003e\u003c/a\u003e Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8\"\u003e\u003ccode\u003e8e8c483\u003c/code\u003e\u003c/a\u003e Clarify v6 README (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2328\"\u003e#2328\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1\"\u003e\u003ccode\u003e033fa0d\u003c/code\u003e\u003c/a\u003e Add worktree support for persist-credentials includeIf (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2327\"\u003e#2327\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5\"\u003e\u003ccode\u003ec2d88d3\u003c/code\u003e\u003c/a\u003e Update all references from v5 and v4 to v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2314\"\u003e#2314\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3\"\u003e\u003ccode\u003e1af3b93\u003c/code\u003e\u003c/a\u003e update readme/changelog for v6 (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2311\"\u003e#2311\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e\"\u003e\u003ccode\u003e71cf226\u003c/code\u003e\u003c/a\u003e v6-beta (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2298\"\u003e#2298\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e\"\u003e\u003ccode\u003e069c695\u003c/code\u003e\u003c/a\u003e Persist creds to a separate file (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2286\"\u003e#2286\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493\"\u003e\u003ccode\u003eff7abcd\u003c/code\u003e\u003c/a\u003e Update README to include Node.js 24 support details and requirements (\u003ca href=\"https://redirect.github.com/actions/checkout/issues/2248\"\u003e#2248\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/actions/checkout/compare/v5...v6\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `webfactory/ssh-agent` from 0.9.0 to 0.10.0\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `goreleaser/goreleaser-action` from 6 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/goreleaser/goreleaser-action/releases\"\u003egoreleaser/goreleaser-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efeat!: node 24, update deps, rm yarn, ESM by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/533\"\u003egoreleaser/goreleaser-action#533\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003esec: pin github action versions by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/514\"\u003egoreleaser/goreleaser-action#514\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003edocs: Upgrade checkout GitHub Action in README.md by \u003ca href=\"https://github.com/dunglas\"\u003e\u003ccode\u003e@​dunglas\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/507\"\u003egoreleaser/goreleaser-action#507\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump actions/checkout from 4 to 5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/504\"\u003egoreleaser/goreleaser-action#504\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump the actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/517\"\u003egoreleaser/goreleaser-action#517\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump the actions group with 2 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/523\"\u003egoreleaser/goreleaser-action#523\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/526\"\u003egoreleaser/goreleaser-action#526\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump the actions group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/532\"\u003egoreleaser/goreleaser-action#532\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/534\"\u003egoreleaser/goreleaser-action#534\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump the npm group across 1 directory with 4 updates by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/536\"\u003egoreleaser/goreleaser-action#536\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump \u003ccode\u003e@​actions/http-client\u003c/code\u003e from 3.0.2 to 4.0.0 in the npm group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/537\"\u003egoreleaser/goreleaser-action#537\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in the actions group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/538\"\u003egoreleaser/goreleaser-action#538\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/539\"\u003egoreleaser/goreleaser-action#539\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6...v7.0.0\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.4.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eci: set contents read as default workflow permissions by \u003ca href=\"https://github.com/crazy-max\"\u003e\u003ccode\u003e@​crazy-max\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/494\"\u003egoreleaser/goreleaser-action#494\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: support .config directory for goreleaser config files  by \u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/500\"\u003egoreleaser/goreleaser-action#500\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump semver from 7.7.1 to 7.7.2 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/495\"\u003egoreleaser/goreleaser-action#495\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 1.1.11 to 1.1.12 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/498\"\u003egoreleaser/goreleaser-action#498\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: do not get releases.json if version is specific by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/502\"\u003egoreleaser/goreleaser-action#502\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump undici from 5.28.5 to 5.29.0 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/496\"\u003egoreleaser/goreleaser-action#496\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efeat: retry downloading releases json by \u003ca href=\"https://github.com/caarlos0\"\u003e\u003ccode\u003e@​caarlos0\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/503\"\u003egoreleaser/goreleaser-action#503\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/haya14busa\"\u003e\u003ccode\u003e@​haya14busa\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/500\"\u003egoreleaser/goreleaser-action#500\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6.3.0...v6.4.0\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6.3.0...v6.4.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.3.0\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eBump undici from 5.28.3 to 5.28.5 in \u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/pull/488\"\u003egoreleaser/goreleaser-action#488\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6.2.1...v6.3.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.2.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003eThis version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the \u003ccode\u003e-pro\u003c/code\u003e suffix).\nOlder versions should work fine.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!WARNING]\nThis version is \u003cstrong\u003erequired\u003c/strong\u003e for GoReleaser Pro v2.7.0+.\nRead more \u003ca href=\"https://goreleaser.com/blog/goreleaser-v2.7/\"\u003ehere\u003c/a\u003e.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1\"\u003ehttps://github.com/goreleaser/goreleaser-action/compare/v6.2.0...v6.2.1\u003c/a\u003e\u003c/p\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/1a80836c5c9d9e5755a25cb59ec6f45a3b5f41a8\"\u003e\u003ccode\u003e1a80836\u003c/code\u003e\u003c/a\u003e ci(nightly): pass GITHUB_TOKEN to nightly integration job\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/a71152e8274c84525d8835ba71448d64d2023702\"\u003e\u003ccode\u003ea71152e\u003c/code\u003e\u003c/a\u003e refactor: drop legacy 'nightly' tag fallback\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/4c6ab561adb47e50c45ef534e2155934e91c40c1\"\u003e\u003ccode\u003e4c6ab56\u003c/code\u003e\u003c/a\u003e feat: resolve nightly to latest vX.Y.Z-\u0026lt;sha\u0026gt;-nightly release (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/558\"\u003e#558\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/4f96abf297f872baa17cd502a9b5ef0725fd1edc\"\u003e\u003ccode\u003e4f96abf\u003c/code\u003e\u003c/a\u003e feat: add \u003ccode\u003eversion-file\u003c/code\u003e input (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/556\"\u003e#556\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/15fa2a96d4a23f516334bb340969ca4e9c82f0fa\"\u003e\u003ccode\u003e15fa2a9\u003c/code\u003e\u003c/a\u003e test: cover install across release eras (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/555\"\u003e#555\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/e24998b8b67b290c2fa8b7c14fcfa7de2c5c9b8c\"\u003e\u003ccode\u003ee24998b\u003c/code\u003e\u003c/a\u003e ci: drop pre-cosign-v3 goreleaser versions from tests (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/554\"\u003e#554\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/be2e8a39ba2f6daed623e98e8b6662f008cffc8d\"\u003e\u003ccode\u003ebe2e8a3\u003c/code\u003e\u003c/a\u003e docs: document cosign verification in README (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/553\"\u003e#553\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/5e53f8eea2783e9a9b5963dafae20a7e5320618c\"\u003e\u003ccode\u003e5e53f8e\u003c/code\u003e\u003c/a\u003e ci: add release-major-tag workflow (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/552\"\u003e#552\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/4068afa2f0763491214b56d83686409cb4549b8c\"\u003e\u003ccode\u003e4068afa\u003c/code\u003e\u003c/a\u003e build: drop docker-bake in favor of plain npm (\u003ca href=\"https://redirect.github.com/goreleaser/goreleaser-action/issues/551\"\u003e#551\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/goreleaser/goreleaser-action/commit/213ec80f5629fd53743a07c81b86deb4c540955f\"\u003e\u003ccode\u003e213ec80\u003c/code\u003e\u003c/a\u003e docs: add CONTRIBUTING with pre-commit workflow\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/goreleaser/goreleaser-action/compare/v6...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `actions/upload-artifact` from 4 to 7\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/actions/upload-artifact/releases\"\u003eactions/upload-artifact's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev7.0.0\u003c/h2\u003e\n\u003ch2\u003ev7 What's new\u003c/h2\u003e\n\u003ch3\u003eDirect Uploads\u003c/h3\u003e\n\u003cp\u003eAdds support for uploading single files directly (unzipped). Callers can set the new \u003ccode\u003earchive\u003c/code\u003e parameter to \u003ccode\u003efalse\u003c/code\u003e to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The \u003ccode\u003ename\u003c/code\u003e parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.\u003c/p\u003e\n\u003ch3\u003eESM\u003c/h3\u003e\n\u003cp\u003eTo support new versions of the \u003ccode\u003e@actions/*\u003c/code\u003e packages, we've upgraded the package to ESM.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdd proxy integration test by \u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpgrade the module to ESM and bump dependencies by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/762\"\u003eactions/upload-artifact#762\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eSupport direct file uploads by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/764\"\u003eactions/upload-artifact#764\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/Link\"\u003e\u003ccode\u003e@​Link\u003c/code\u003e\u003c/a\u003e- made their first contribution in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/754\"\u003eactions/upload-artifact#754\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v6...v7.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v6...v7.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev6.0.0\u003c/h2\u003e\n\u003ch2\u003ev6 - What's new\u003c/h2\u003e\n\u003cblockquote\u003e\n\u003cp\u003e[!IMPORTANT]\nactions/upload-artifact@v6 now runs on Node.js 24 (\u003ccode\u003eruns.using: node24\u003c/code\u003e) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003ch3\u003eNode.js 24\u003c/h3\u003e\n\u003cp\u003eThis release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpload Artifact Node 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/719\"\u003eactions/upload-artifact#719\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003efix: update \u003ccode\u003e@​actions/artifact\u003c/code\u003e for Node.js 24 punycode deprecation by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/744\"\u003eactions/upload-artifact#744\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eprepare release v6.0.0 for Node.js 24 support by \u003ca href=\"https://github.com/salmanmkc\"\u003e\u003ccode\u003e@​salmanmkc\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/745\"\u003eactions/upload-artifact#745\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\"\u003ehttps://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev5.0.0\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cp\u003e\u003cstrong\u003eBREAKING CHANGE:\u003c/strong\u003e this update supports Node \u003ccode\u003ev24.x\u003c/code\u003e. This is not a breaking change per-se but we're treating it as such.\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/GhadimiR\"\u003e\u003ccode\u003e@​GhadimiR\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/681\"\u003eactions/upload-artifact#681\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate README.md by \u003ca href=\"https://github.com/nebuk89\"\u003e\u003ccode\u003e@​nebuk89\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/712\"\u003eactions/upload-artifact#712\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eReadme: spell out the first use of GHES by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/727\"\u003eactions/upload-artifact#727\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate GHES guidance to include reference to Node 20 version by \u003ca href=\"https://github.com/patrikpolyak\"\u003e\u003ccode\u003e@​patrikpolyak\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/725\"\u003eactions/upload-artifact#725\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBump \u003ccode\u003e@actions/artifact\u003c/code\u003e to \u003ccode\u003ev4.0.0\u003c/code\u003e\u003c/li\u003e\n\u003cli\u003ePrepare \u003ccode\u003ev5.0.0\u003c/code\u003e by \u003ca href=\"https://github.com/danwkennedy\"\u003e\u003ccode\u003e@​danwkennedy\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/actions/upload-artifact/pull/734\"\u003eactions/upload-artifact#734\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/043fb46d1a93c77aae656e7c1c64a875d1fc6a0a\"\u003e\u003ccode\u003e043fb46\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/797\"\u003e#797\u003c/a\u003e from actions/yacaovsnc/update-dependency\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/634250c1388765ea7ed0f053e636f1f399000b94\"\u003e\u003ccode\u003e634250c\u003c/code\u003e\u003c/a\u003e Include changes in typespec/ts-http-runtime 0.3.5\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e454baaac2be505c9450e11b8f3215c6fc023ce8\"\u003e\u003ccode\u003ee454baa\u003c/code\u003e\u003c/a\u003e Readme: bump all the example versions to v7 (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/796\"\u003e#796\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/74fad66b98a6d799dc004d3353ccd0e6f6b2530e\"\u003e\u003ccode\u003e74fad66\u003c/code\u003e\u003c/a\u003e Update the readme with direct upload details (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/795\"\u003e#795\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f\"\u003e\u003ccode\u003ebbbca2d\u003c/code\u003e\u003c/a\u003e Support direct file uploads (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/764\"\u003e#764\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296\"\u003e\u003ccode\u003e589182c\u003c/code\u003e\u003c/a\u003e Upgrade the module to ESM and bump dependencies (\u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/762\"\u003e#762\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5\"\u003e\u003ccode\u003e47309c9\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/754\"\u003e#754\u003c/a\u003e from actions/Link-/add-proxy-integration-tests\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0\"\u003e\u003ccode\u003e02a8460\u003c/code\u003e\u003c/a\u003e Add proxy integration test\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f\"\u003e\u003ccode\u003eb7c566a\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/actions/upload-artifact/issues/745\"\u003e#745\u003c/a\u003e from actions/upload-artifact-v6-release\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b\"\u003e\u003ccode\u003ee516bc8\u003c/code\u003e\u003c/a\u003e docs: correct description of Node.js 24 support in README\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/actions/upload-artifact/compare/v4...v7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `softprops/action-gh-release` from 2 to 3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/releases\"\u003esoftprops/action-gh-release's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev3.0.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e3.0.0\u003c/code\u003e is a major release that moves the action runtime from Node 20 to Node 24.\nUse \u003ccode\u003ev3\u003c/code\u003e on GitHub-hosted runners and self-hosted fleets that already support the\nNode 24 Actions runtime. If you still need the last Node 20-compatible line, stay on\n\u003ccode\u003ev2.6.2\u003c/code\u003e.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eMove the action runtime and bundle target to Node 24\u003c/li\u003e\n\u003cli\u003eUpdate \u003ccode\u003e@types/node\u003c/code\u003e to the Node 24 line and allow future Dependabot updates\u003c/li\u003e\n\u003cli\u003eKeep the floating major tag on \u003ccode\u003ev3\u003c/code\u003e; \u003ccode\u003ev2\u003c/code\u003e remains pinned to the latest \u003ccode\u003e2.x\u003c/code\u003e release\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.2\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eOther Changes 🔄\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003echore(deps): bump picomatch from 4.0.3 to 4.0.4 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/775\"\u003esoftprops/action-gh-release#775\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/777\"\u003esoftprops/action-gh-release#777\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003echore(deps): bump vite from 8.0.0 to 8.0.5 by \u003ca href=\"https://github.com/dependabot\"\u003e\u003ccode\u003e@​dependabot\u003c/code\u003e\u003c/a\u003e[bot] in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/781\"\u003esoftprops/action-gh-release#781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v2.6.2\"\u003ehttps://github.com/softprops/action-gh-release/compare/v2...v2.6.2\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.6.1\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.1\u003c/code\u003e is a patch release focused on restoring linked discussion thread creation when\n\u003ccode\u003ediscussion_category_name\u003c/code\u003e is set. It fixes \u003ccode\u003e[#764](https://github.com/softprops/action-gh-release/issues/764)\u003c/code\u003e, where the draft-first publish flow\nstopped carrying the discussion category through the final publish step.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003ch3\u003eBug fixes 🐛\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003efix: preserve discussion category on publish by \u003ca href=\"https://github.com/chenrui333\"\u003e\u003ccode\u003e@​chenrui333\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/765\"\u003esoftprops/action-gh-release#765\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev2.6.0\u003c/h2\u003e\n\u003cp\u003e\u003ccode\u003e2.6.0\u003c/code\u003e is a minor release centered on \u003ccode\u003eprevious_tag\u003c/code\u003e support for \u003ccode\u003egenerate_release_notes\u003c/code\u003e,\nwhich lets workflows pin GitHub's comparison base explicitly instead of relying on the default range.\nIt also includes the recent concurrent asset upload recovery fix, a \u003ccode\u003eworking_directory\u003c/code\u003e docs sync,\na checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where\nGitHub platform behavior imposes constraints on how prerelease asset uploads can be published.\u003c/p\u003e\n\u003cp\u003eIf you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md\"\u003esoftprops/action-gh-release's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003e0.1.13\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003efix issue with multiple runs concatenating release bodies \u003ca href=\"https://redirect.github.com/softprops/action-gh-release/pull/145\"\u003e#145\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/b4309332981a82ec1c5618f44dd2e27cc8bfbfda\"\u003e\u003ccode\u003eb430933\u003c/code\u003e\u003c/a\u003e release: cut v3.0.0 for Node 24 upgrade (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/670\"\u003e#670\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/softprops/action-gh-release/commit/c2e35e05a74208bafbfcbdae5ebc9da7236e980f\"\u003e\u003ccode\u003ec2e35e0\u003c/code\u003e\u003c/a\u003e chore(deps): bump the npm group across 1 directory with 7 updates (\u003ca href=\"https://redirect.github.com/softprops/action-gh-release/issues/783\"\u003e#783\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/softprops/action-gh-release/compare/v2...v3\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\nUpdates `github/codeql-action` from 4.35.1 to 4.35.3\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003egithub/codeql-action's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev4.35.3\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003ev4.35.2\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/github/codeql-action/blob/main/CHANGELOG.md\"\u003egithub/codeql-action's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eCodeQL Action Changelog\u003c/h1\u003e\n\u003cp\u003eSee the \u003ca href=\"https://github.com/github/codeql-action/releases\"\u003ereleases page\u003c/a\u003e for the relevant changes to the CodeQL CLI and language packs.\u003c/p\u003e\n\u003ch2\u003e[UNRELEASED]\u003c/h2\u003e\n\u003cp\u003eNo user facing changes.\u003c/p\u003e\n\u003ch2\u003e4.35.3 - 01 May 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cem\u003eUpcoming breaking change\u003c/em\u003e: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3837\"\u003e#3837\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eConfigurations for private registries that use Cloudsmith or GCP OIDC are now accepted. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3850\"\u003e#3850\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eBest-effort connection tests for private registries now use \u003ccode\u003eGET\u003c/code\u003e requests instead of \u003ccode\u003eHEAD\u003c/code\u003e for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3852\"\u003e#3852\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3\"\u003e2.25.3\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3865\"\u003e#3865\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.2 - 15 Apr 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eThe undocumented TRAP cache cleanup feature that could be enabled using the \u003ccode\u003eCODEQL_ACTION_CLEANUP_TRAP_CACHES\u003c/code\u003e environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the \u003ccode\u003etrap-caching: false\u003c/code\u003e input to the \u003ccode\u003einit\u003c/code\u003e Action. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3795\"\u003e#3795\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eThe Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3789\"\u003e#3789\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003ePython analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3794\"\u003e#3794\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eFixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3807\"\u003e#3807\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2\"\u003e2.25.2\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3823\"\u003e#3823\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.1 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eFix incorrect minimum required Git version for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e: it should have been 2.36.0, not 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3781\"\u003e#3781\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.35.0 - 27 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eReduced the minimum Git version required for \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e from 2.38.0 to 2.11.0. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3767\"\u003e#3767\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1\"\u003e2.25.1\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3773\"\u003e#3773\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.1 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDowngrade default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3\"\u003e2.24.3\u003c/a\u003e due to issues with a small percentage of Actions and JavaScript analyses. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3762\"\u003e#3762\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.34.0 - 20 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAdded an experimental change which disables TRAP caching when \u003ca href=\"https://redirect.github.com/github/roadmap/issues/1158\"\u003eimproved incremental analysis\u003c/a\u003e is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3569\"\u003e#3569\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eWe are rolling out improved incremental analysis to C/C++ analyses that use build mode \u003ccode\u003enone\u003c/code\u003e. We expect this rollout to be complete by the end of April 2026. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3584\"\u003e#3584\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003eUpdate default CodeQL bundle version to \u003ca href=\"https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0\"\u003e2.25.0\u003c/a\u003e. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3585\"\u003e#3585\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003e4.33.0 - 16 Mar 2026\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\n\u003cp\u003eUpcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. \u003ca href=\"https://redirect.github.com/github/codeql-action/pull/3562\"\u003e#3562\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003eTo opt out of this change:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\u003cstrong\u003eRepositories owned by an organization:\u003c/strong\u003e Create a custom repository property with the name \u003ccode\u003egithub-codeql-file-coverage-on-prs\u003c/code\u003e and the type \u0026quot;True/false\u0026quot;, then set this property to \u003ccode\u003etrue\u003c/code\u003e in the repository's settings. For more information, see \u003ca href=\"https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization\"\u003eManaging custom properties for repositories in your organization\u003c/a\u003e. Alternatively, if you are using an advanced setup workflow, you can set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003cli\u003e\u003cstrong\u003eUser-owned repositories using default setup:\u003c/strong\u003e Switch to an advanced setup workflow and set the \u003ccode\u003eCODEQL_ACTION_FILE_COVERAGE_ON_PRS\u003c/code\u003e environment variable to \u003ccode\u003etrue\u003c/code\u003e in your workflow.\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003c!-- raw HTML omitted --\u003e\n\u003c/blockquote\u003e\n\u003cp\u003e... (truncated)\u003c/p\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/e46ed2cbd01164d986452f91f178727624ae40d7\"\u003e\u003ccode\u003ee46ed2c\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3867\"\u003e#3867\u003c/a\u003e from github/update-v4.35.3-8c6e48dbe\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/b73d1d163446ca5e62b96698027210ab41df6a4a\"\u003e\u003ccode\u003eb73d1d1\u003c/code\u003e\u003c/a\u003e Add changelog entry for \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/24e0bb00a931e2a5edb703ce3b22a70f3a3e800b\"\u003e\u003ccode\u003e24e0bb0\u003c/code\u003e\u003c/a\u003e Reorder changelog entries\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/ec298daba71cf7592feacbd1c0887cddc0659f62\"\u003e\u003ccode\u003eec298da\u003c/code\u003e\u003c/a\u003e Update changelog for v4.35.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/8c6e48dbe051ceb3015c19554831af1b43275f46\"\u003e\u003ccode\u003e8c6e48d\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3865\"\u003e#3865\u003c/a\u003e from github/update-bundle/codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/719098349ea5beae8aa364bf9b71ff1c8d937df2\"\u003e\u003ccode\u003e7190983\u003c/code\u003e\u003c/a\u003e Add changelog note\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/2bb209555a024d051f6271c8a846b402497f9445\"\u003e\u003ccode\u003e2bb2095\u003c/code\u003e\u003c/a\u003e Update default bundle to codeql-bundle-v2.25.3\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/7851e55dc3be31ec4bcc3ef98453de2cb306e698\"\u003e\u003ccode\u003e7851e55\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3850\"\u003e#3850\u003c/a\u003e from github/mbg/private-registry/cloudsmith-gcp\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/262a15f6cf4c7a43d6a38ad76392e5e2d4977751\"\u003e\u003ccode\u003e262a15f\u003c/code\u003e\u003c/a\u003e Add generic non-printable chars test for OIDC configs\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/github/codeql-action/commit/a6109b1c07173a53ece3d179a925ff9644d1fabd\"\u003e\u003ccode\u003ea6109b1\u003c/code\u003e\u003c/a\u003e Merge pull request \u003ca href=\"https://redirect.github.com/github/codeql-action/issues/3853\"\u003e#3853\u003c/a\u003e from github/mbg/start-proxy/improved-checks\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href=\"https://github.com/github/codeql-action/compare/c10b8064de6f491fea524254123dbe5e09572f13...e46ed2cbd01164d986452f91f178727624ae40d7\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore \u003cdependency name\u003e major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)\n- `@dependabot ignore \u003cdependency name\u003e` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)\n- `@dependabot unignore \u003cdependency name\u003e` will remove all of the ignore conditions of the specified dependency\n- `@dependabot unignore \u003cdependency name\u003e \u003cignore condition\u003e` will remove the ignore condition of the specified dependency and ignore conditions\n\n\n\u003c/details\u003e","html_url":"https://github.com/marang/franz-agent/pull/1","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/marang%2Ffranz-agent/issues/1","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/1/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-04-26T10:23:16.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4330621861","node_id":"PR_kwDOSHI0pc7VtVM_","number":25,"state":"open","title":"chore(actions)(deps): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-26T10:23:16.000Z","updated_at":"2026-04-26T10:23:16.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(actions)(deps)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/cengo441337-a11y/phantomchat/pull/25","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/cengo441337-a11y%2Fphantomchat/issues/25","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/25/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-04-25T13:45:47.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4328248543","node_id":"PR_kwDOR5xqlc7VmUbr","number":32,"state":"closed","title":"chore(ci): bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":2,"pull_request":true,"closed_at":"2026-05-04T03:09:15.000Z","author_association":null,"state_reason":null,"created_at":"2026-04-25T13:45:47.000Z","updated_at":"2026-05-04T03:09:23.000Z","time_to_close":739408,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"chore(ci)","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n","html_url":"https://github.com/Cyberlearnix/cyberlearnix_website-dev/pull/32","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyberlearnix%2Fcyberlearnix_website-dev/issues/32","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/32/packages"}},{"old_version":"0.9.0","new_version":"0.10.0","update_type":"minor","path":null,"pr_created_at":"2026-04-24T23:19:56.000Z","version_change":"0.9.0 → 0.10.0","issue":{"uuid":"4326129656","node_id":"PR_kwDOSL6mG87Vfyvk","number":2,"state":"open","title":"Bump webfactory/ssh-agent from 0.9.0 to 0.10.0","user":"dependabot[bot]","labels":[],"assignees":[],"locked":false,"comments_count":1,"pull_request":true,"closed_at":null,"author_association":null,"state_reason":null,"created_at":"2026-04-24T23:19:56.000Z","updated_at":"2026-04-24T23:19:56.000Z","time_to_close":null,"merged_at":null,"merged_by":null,"closed_by":null,"dependency_metadata":{"prefix":"Bump","packages":[{"name":"webfactory/ssh-agent","old_version":"0.9.0","new_version":"0.10.0","repository_url":"https://github.com/webfactory/ssh-agent"}],"path":null,"ecosystem":"actions"},"body":"Bumps [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) from 0.9.0 to 0.10.0.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/releases\"\u003ewebfactory/ssh-agent's releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev0.10.0: Upgrade to node-24\u003c/h2\u003e\n\u003cp\u003eThis release upgrades from node 20 to node 24, preparing for Node 20's upcoming EOL and getting rid of the related warning message in GitHub.\u003c/p\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003euse node24 by \u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/jimmymcpeter\"\u003e\u003ccode\u003e@​jimmymcpeter\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/243\"\u003ewebfactory/ssh-agent#243\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.1...v0.10.0\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev0.9.1\u003c/h2\u003e\n\u003ch2\u003eWhat's Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eAcknowledge custom command inputs in cleanup.js by \u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/janopae\"\u003e\u003ccode\u003e@​janopae\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/pull/235\"\u003ewebfactory/ssh-agent#235\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\"\u003ehttps://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eChangelog\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href=\"https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md\"\u003ewebfactory/ssh-agent's changelog\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch1\u003eChangelog\u003c/h1\u003e\n\u003cp\u003eAll notable changes to this project will be documented in this file.\u003c/p\u003e\n\u003cp\u003eThe format is based on \u003ca href=\"https://keepachangelog.com/en/1.0.0/\"\u003eKeep a Changelog\u003c/a\u003e,\nand this project adheres to \u003ca href=\"https://semver.org/spec/v2.0.0.html\"\u003eSemantic Versioning\u003c/a\u003e.\u003c/p\u003e\n\u003ch2\u003e[Unreleased]\u003c/h2\u003e\n\u003ch2\u003ev0.9.1 [2024-03-17]\u003c/h2\u003e\n\u003ch3\u003eFixed\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003eFix path used to execute ssh-agent in cleanup.js to respect custom paths set by input (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e83874834305fe9a4a2997156cb26c5de65a8555\"\u003e\u003ccode\u003ee838748\u003c/code\u003e\u003c/a\u003e use node24 (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/243\"\u003e#243\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd\"\u003e\u003ccode\u003ea6f90b1\u003c/code\u003e\u003c/a\u003e Release v0.9.1\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e\"\u003e\u003ccode\u003e72c0bfd\u003c/code\u003e\u003c/a\u003e Improve documentation on why we use os.userInfo()\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4\"\u003e\u003ccode\u003ee3f1a8e\u003c/code\u003e\u003c/a\u003e Acknowledge custom command inputs in cleanup.js (\u003ca href=\"https://redirect.github.com/webfactory/ssh-agent/issues/235\"\u003e#235\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7\"\u003e\u003ccode\u003eb504c19\u003c/code\u003e\u003c/a\u003e Update CHANGELOG.md\u003c/li\u003e\n\u003cli\u003eSee full diff in \u003ca href=\"https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.10.0\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=webfactory/ssh-agent\u0026package-manager=github_actions\u0026previous-version=0.9.0\u0026new-version=0.10.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n[//]: # (dependabot-automerge-start)\n[//]: # (dependabot-automerge-end)\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\n\u003c/details\u003e","html_url":"https://github.com/LexLordAI/lexlord-backend/pull/2","url":"https://dependabot.ecosyste.ms/api/v1/hosts/GitHub/repositories/LexLordAI%2Flexlord-backend/issues/2","packages_url":"https://dependabot.ecosyste.ms/api/v1/issues/2/packages"}}]}