Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

ci: bump the github-actions group across 1 directory with 12 updates

Closed
Number: #20121
Type: Pull Request
State: Closed
Author: dependabot[bot] dependabot[bot]
Association: Contributor
Comments: 2
Created: October 01, 2025 at 07:36 PM UTC
(about 2 months ago)
Updated: October 06, 2025 at 11:10 AM UTC
(about 2 months ago)
Closed: October 06, 2025 at 11:10 AM UTC
(about 2 months ago)
Time to Close: 5 days
Labels:
dependencies github_actions
Description:

Bumps the github-actions group with 12 updates in the / directory:

Package From To
actions/checkout 4 5
actions/cache 4.2.4 4.3.0
crate-ci/typos 1.36.2 1.37.1
chromaui/action 13.2.0 13.3.0
docker/login-action 3.5.0 3.6.0
fluxcd/flux2 2.6.4 2.7.0
tj-actions/changed-files 4563c729c555b4141fac99c80f699f571219b836 212f9a7760ad2b8eb511185b841f3725a62c2ae0
nixbuild/nix-quick-install-action 33 34
peter-evans/find-comment 3.1.0 4.0.0
peter-evans/repository-dispatch 3.0.0 4.0.0
ossf/scorecard-action 2.4.2 2.4.3
github/codeql-action 3.30.3 3.30.5

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

... (truncated)

Commits

Updates actions/cache from 4.2.4 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/cache/compare/v4...v4.3.0

Changelog

Sourced from actions/cache's changelog.

Releases

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

  • Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
  • Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

  • Restore original behavior of cache-hit output - #1467

4.1.0

  • Ensure cache-hit output is set when a cache is missed - #1404
  • Deprecate save-always input - #1452

... (truncated)

Commits
  • 0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
  • 4f5ea67 Update licensed cache
  • 9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
  • 638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
  • 3862dcc Add note on runner versions
  • See full diff in compare view

Updates crate-ci/typos from 1.36.2 to 1.37.1

Release notes

Sourced from crate-ci/typos's releases.

v1.37.1

[1.37.1] - 2025-10-01

Fixes

  • Don't offer corrections to ""

v1.37.0

[1.37.0] - 2025-09-30

Features

  • Updated the dictionary with the September 2025 changes
  • Pull in other dictionary updates

v1.36.3

[1.36.3] - 2025-09-25

Fixes

  • Fix typo in correction to analysises
Changelog

Sourced from crate-ci/typos's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased] - ReleaseDate

[1.37.1] - 2025-10-01

Fixes

  • Don't offer corrections to ""

[1.37.0] - 2025-09-30

Features

  • Updated the dictionary with the September 2025 changes
  • Pull in other dictionary updates

[1.36.3] - 2025-09-25

Fixes

  • Fix typo in correction to analysises

[1.36.2] - 2025-09-04

Fixes

  • Fix regression from 1.36.1 when rendering an error for a line with invalid UTF-8

[1.36.1] - 2025-09-03

Fixes

  • Replaced the error rendering for various quality of life improvements

[1.36.0] - 2025-09-02

Features

[1.35.8] - 2025-09-02

[1.35.7] - 2025-08-29

... (truncated)

Commits

Updates chromaui/action from 13.2.0 to 13.3.0

Commits

Updates docker/login-action from 3.5.0 to 3.6.0

Release notes

Sourced from docker/login-action's releases.

v3.6.0

Full Changelog: https://github.com/docker/login-action/compare/v3.5.0...v3.6.0

Commits
  • 5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 97e3143 chore: update generated content
  • 3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
  • 5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • abc9fb3 chore: update generated content
  • d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
  • a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 0d7fae8 chore: update generated content
  • 9832253 build(deps): bump @​docker/actions-toolkit from 0.62.1 to 0.63.0
  • 09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
  • Additional commits viewable in compare view

Updates fluxcd/flux2 from 2.6.4 to 2.7.0

Release notes

Sourced from fluxcd/flux2's releases.

v2.7.0

Highlights

Flux v2.7.0 is a feature release. Users are encouraged to upgrade for the best experience.

For a compressive overview of new features and API changes included in this release, please refer to the Announcing Flux 2.7 GA blog post.

Overview of the new features:

  • General availability release of the Image Automation APIs (ImagePolicy, ImageRepository, ImageUpdateAutomation)
  • Watch for changes in ConfigMaps and Secrets references (Kustomization, HelmRelease)
  • Support for remote cluster authentication using Workload Identity (Kustomization, HelmRelease)
  • Extend the readiness evaluation of dependencies with CEL expressions (Kustomization, HelmRelease)
  • Support for global SOPS Age decryption keys on single-tenant clusters (Kustomization)
  • Support for optional Kustomize components (Kustomization)
  • Introduce RetryOnFailure lifecycle management strategy (HelmRelease)
  • Support mTLS for sending alerts to external systems (Provider)
  • Object-level workload identity authentication (Bucket, Provider)
  • Support mTLS for GitHub App transport (GitRepository, ImageUpdateAutomation, Provider)
  • OpenTelemetry tracing for Kustomization and HelmRelease reconciliation (Provider)
  • Support for 3rd-party source controllers (ExternalArtifact)
  • Support for source composition and decomposition patterns (ArtifactGenerator)
  • CancelHealthCheckOnNewRevision feature gate (kustomize-controller)
  • GitSparseCheckout feature gate (image-automation-controller)

❤️ Big thanks to all the Flux contributors that helped us with this release!

Kubernetes compatibility

This release is compatible with the following Kubernetes versions:

Kubernetes version Minimum required
v1.32 >= 1.32.0
v1.33 >= 1.33.0
v1.34 >= 1.34.1

[!NOTE] Note that the Flux project offers support only for the latest three minor versions of Kubernetes. Backwards compatibility with older versions of Kubernetes and OpenShift is offered by vendors such as ControlPlane that provide enterprise support for Flux.

OpenShift compatibility

Flux can be installed on Red Hat OpenShift cluster directly from OperatorHub using Flux Operator. The operator allows the configuration of Flux multi-tenancy lockdown, network policies, persistent storage, sharding, vertical scaling and the synchronization of the cluster state from Git repositories, OCI artifacts, and S3-compatible storage.

Upgrade procedure

:warning: The Flux APIs v1beta1 and v2beta1 (deprecated in 2023) have reached end-of-life and have been removed from the CRDs.

... (truncated)

Commits
  • f251e8e Merge pull request #5509 from RussellAult/action-without-api
  • 44f0d50 fluxcd/flux2/action: Determine latest version without using GitHub API
  • 4664d49 Merge pull request #5542 from fluxcd/update-components
  • 2997645 Update toolkit components
  • 3247a46 Merge pull request #5541 from fluxcd/debug-ks-history
  • b5ecb9b Add --show-history flag to debug kustomization
  • 5502606 Merge pull request #5540 from fluxcd/update-components
  • b52d76d Update toolkit components
  • 95b2d85 Merge pull request #5539 from fluxcd/no-cron-for-update
  • 52e0c98 ci: remove cron schedule from update
  • Additional commits viewable in compare view

Updates tj-actions/changed-files from 4563c729c555b4141fac99c80f699f571219b836 to 212f9a7760ad2b8eb511185b841f3725a62c2ae0

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.0 - (2025-09-13)

🚀 Features

➖ Remove

  • Commit and push step from build job (#2538) (be393a9) - (Tonye Jack)

🔄 Update

  • Updated README.md (#2592)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (3dbc1e1) - (github-actions[bot])

  • Updated README.md (#2591)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (b1ccff8) - (github-actions[bot])

  • Updated README.md (#2574)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (050a3d3) - (github-actions[bot])

📚 Documentation

  • Update link to glob patterns (#2590) (a892f50) - (Tonye Jack)
  • Add Jellyfrog as a contributor for code, and doc (#2573) (f000a9b) - (allcontributors[bot])

🧪 Testing

  • Manual triggered workflows (#2637) (c2ca249) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps-dev: Bump jest from 30.0.5 to 30.1.3 (#2655) (9a67555) - (dependabot[bot])
  • deps: Bump tj-actions/git-cliff from 2.1.0 to 2.2.0 (#2660) (b67e30d) - (dependabot[bot])
  • deps: Bump github/codeql-action from 3.30.2 to 3.30.3 (#2661) (62aef42) - (dependabot[bot])
  • deps: Bump github/codeql-action from 3.29.11 to 3.30.2 (#2659) (e874f3c) - (dependabot[bot])
  • deps: Bump actions/setup-node from 4.4.0 to 5.0.0 (#2656) (8c14441) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 24.3.0 to 24.3.1 (#2657) (e995ac4) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 24.2.1 to 24.3.0 (#2649) (3b04099) - (dependabot[bot])
  • deps: Bump github/codeql-action from 3.29.9 to 3.29.11 (#2651) (e7b6c97) - (dependabot[bot])
  • deps: Bump tj-actions/git-cliff from 2.0.2 to 2.1.0 (#2648) (765d62b) - (dependabot[bot])
  • deps: Bump github/codeql-action from 3.29.8 to 3.29.9 (#2647) (2036da1) - (dependabot[bot])
  • deps: Bump github/codeql-action from 3.29.7 to 3.29.8 (#2644) (239aef8) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 24.2.0 to 24.2.1 (#2645) (a7d5f5f) - (dependabot[bot])
  • deps: Bump actions/checkout from 4.2.2 to 5.0.0 (#2646) (5107f3a) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 24.1.0 to 24.2.0 (#2640) (f963b3f) - (dependabot[bot])
  • deps: Bump actions/download-artifact from 4.3.0 to 5.0.0 (#2641) (f956744) - (dependabot[bot])

... (truncated)

Commits
  • 212f9a7 chore(deps-dev): bump jest from 30.1.3 to 30.2.0 (#2677)
  • 0dc2215 chore(deps): bump github/codeql-action from 3.30.4 to 3.30.5 (#2676)
  • 28cf3ad chore(deps-dev): bump ts-jest from 29.4.3 to 29.4.4 (#2672)
  • 0b7adf7 chore(deps): bump github/codeql-action from 3.30.3 to 3.30.4 (#2675)
  • See full diff in compare view

Updates nixbuild/nix-quick-install-action from 33 to 34

Release notes

Sourced from nixbuild/nix-quick-install-action's releases.

nixbuild/nix-quick-install-action@v34

Changes

  • Update Nix versions: 2.31.0 -> 2.31.2, 2.30.0 -> 2.30.3, 2.29.1 -> 2.29.2, 2.28.4 -> 2.28.5.

  • Bump default Nix version: 2.29.1 -> 2.29.2

Supported Nix Versions on x86_64-linux runners

  • 2.31.2
  • 2.30.3
  • 2.29.2
  • 2.28.5
  • 2.26.4
  • 2.24.15
  • 2.3.18

Supported Nix Versions on aarch64-linux runners

  • 2.31.2
  • 2.30.3
  • 2.29.2
  • 2.28.5
  • 2.26.4
  • 2.24.15

Supported Nix Versions on x86_64-darwin runners

  • 2.31.2
  • 2.30.3
  • 2.29.2
  • 2.28.5
  • 2.26.4
  • 2.24.15
  • 2.3.18
Changelog

Sourced from nixbuild/nix-quick-install-action's changelog.

v34

Changes

  • Update Nix versions: 2.31.0 -> 2.31.2, 2.30.0 -> 2.30.3, 2.29.1 -> 2.29.2, 2.28.4 -> 2.28.5.

  • Bump default Nix version: 2.29.1 -> 2.29.2

Commits

Updates peter-evans/find-comment from 3.1.0 to 4.0.0

Release notes

Sourced from peter-evans/find-comment's releases.

Find Comment v4.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

... (truncated)

Commits
  • b30e6a3 feat: v4 (#389)
  • b4929e7 build(deps-dev): bump @​types/node from 18.19.124 to 18.19.127 (#388)
  • 1f47d94 build(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 (#387)
  • a723a15 build(deps): bump actions/setup-node from 4 to 5 (#386)
  • 8bacb1b build(deps-dev): bump @​types/node from 18.19.123 to 18.19.124 (#385)
  • 048de65 build(deps): bump actions/checkout from 4 to 5 (#384)
  • c02750f build(deps-dev): bump @​types/node from 18.19.122 to 18.19.123 (#383)
  • 092c582 build(deps): bump actions/download-artifact from 4 to 5 (#382)
  • c115bb0 build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#381)
  • 8d3be5d build(deps-dev): bump @​types/node from 18.19.121 to 18.19.122 (#380)
  • Additional commits viewable in compare view

Updates peter-evans/repository-dispatch from 3.0.0 to 4.0.0

Release notes

Sourced from peter-evans/repository-dispatch's releases.

Repository Dispatch v4.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

Package Dependencies
Package:
 actions/checkout
Ecosystem:
actions
Version Change:
4 → 5
Package:
actions/cache
Ecosystem:
actions
Version Change:
4.2.4 → 4.3.0
Update Type:
Minor
Package:
github/codeql-action
Ecosystem:
actions
Version Change:
3.30.3 → 3.30.5
Update Type:
Patch
Package:
ossf/scorecard-action
Ecosystem:
actions
Version Change:
2.4.2 → 2.4.3
Update Type:
Patch
Package:
tj-actions/changed-files
Ecosystem:
actions
Version Change:
4563c729c555b4141fac99c80f699f571219b836 → 212f9a7760ad2b8eb511185b841f3725a62c2ae0
Package:
docker/login-action
Ecosystem:
actions
Version Change:
3.5.0 → 3.6.0
Update Type:
Minor
Package:
chromaui/action
Ecosystem:
actions
Version Change:
13.2.0 → 13.3.0
Update Type:
Minor
Package:
crate-ci/typos
Ecosystem:
actions
Version Change:
1.36.2 → 1.37.1
Update Type:
Minor
Package:
fluxcd/flux2
Ecosystem:
actions
Version Change:
2.6.4 → 2.7.0
Update Type:
Minor
Package:
peter-evans/repository-dispatch
Ecosystem:
actions
Version Change:
3.0.0 → 4.0.0
Update Type:
Major
Package:
peter-evans/find-comment
Ecosystem:
actions
Version Change:
3.1.0 → 4.0.0
Update Type:
Major
Package:
nixbuild/nix-quick-install-action
Ecosystem:
actions
Version Change:
33 → 34
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 9103672
UUID: 2879422352
Node ID: PR_kwDOGkVX1s6roH-Q
Host: GitHub
Repository: coder/coder
Mergeable: Yes
Merge State: Clean