Bump the actions group across 1 directory with 3 updates
Closed
Number: #8
Type: Pull Request
State: Closed
Type: Pull Request
State: Closed
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: None
Comments: 1
dependabot[bot]Association: None
Comments: 1
Created:
September 01, 2025 at 08:54 AM UTC
(10 months ago)
(10 months ago)
Updated:
September 08, 2025 at 03:39 AM UTC
(9 months ago)
(9 months ago)
Closed:
September 08, 2025 at 03:39 AM UTC
(9 months ago)
(9 months ago)
Time to Close:
7 days
Labels:
dependencies github_actions
dependencies github_actions
Description:
Bumps the actions group with 3 updates in the / directory: actions/checkout, actions/download-artifact and actions/attest-build-provenance.
Updates actions/checkout from 4 to 5
Release notes
Sourced from actions/checkout's releases.
v5.0.0
What's Changed
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226- Prepare v5.0.0 release by
@salmanmkcin actions/checkout#2238⚠️ Minimum Compatible Runner Version
v2.327.1
Release NotesMake sure your runner is updated to this version or newer to use this release.
Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0
v4.3.0
What's Changed
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236- Prepare release v4.3.0 by
@salmanmkcin actions/checkout#2237New Contributors
@motssmade their first contribution in actions/checkout#1971@mouismailmade their first contribution in actions/checkout#1977@benwellsmade their first contribution in actions/checkout#2043@nebuk89made their first contribution in actions/checkout#2194@salmanmkcmade their first contribution in actions/checkout#2236Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0
v4.2.2
What's Changed
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2
v4.2.1
What's Changed
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924New Contributors
@Jcambassmade their first contribution in actions/checkout#1919Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
Changelog
V5.0.0
- Update actions checkout to use node 24 by
@salmanmkcin actions/checkout#2226V4.3.0
- docs: update README.md by
@motssin actions/checkout#1971- Add internal repos for checking out multiple repositories by
@mouismailin actions/checkout#1977- Documentation update - add recommended permissions to Readme by
@benwellsin actions/checkout#2043- Adjust positioning of user email note and permissions heading by
@joshmgrossin actions/checkout#2044- Update README.md by
@nebuk89in actions/checkout#2194- Update CODEOWNERS for actions by
@TingluoHuangin actions/checkout#2224- Update package dependencies by
@salmanmkcin actions/checkout#2236v4.2.2
url-helper.tsnow leverages well-known environment variables by@jww3in actions/checkout#1941- Expand unit test coverage for
isGhesby@jww3in actions/checkout#1946v4.2.1
- Check out other refs/* by commit if provided, fall back to ref by
@orhantoyin actions/checkout#1924v4.2.0
- Add Ref and Commit outputs by
@lucacomein actions/checkout#1180- Dependency updates by
@dependabot- actions/checkout#1777, actions/checkout#1872v4.1.7
- Bump the minor-npm-dependencies group across 1 directory with 4 updates by
@dependabotin actions/checkout#1739- Bump actions/checkout from 3 to 4 by
@dependabotin actions/checkout#1697- Check out other refs/* by commit by
@orhantoyin actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable version. by
@jww3in actions/checkout#1776v4.1.6
- Check platform to set archive extension appropriately by
@cory-millerin actions/checkout#1732v4.1.5
- Update NPM dependencies by
@cory-millerin actions/checkout#1703- Bump github/codeql-action from 2 to 3 by
@dependabotin actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
@dependabotin actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
@dependabotin actions/checkout#1695- README: Suggest
user.emailto be41898282+github-actions[bot]@users.noreply.github.comby@cory-millerin actions/checkout#1707v4.1.4
- Disable
extensions.worktreeConfigwhen disablingsparse-checkoutby@jww3in actions/checkout#1692- Add dependabot config by
@cory-millerin actions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
@dependabotin actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
@dependabotin actions/checkout#1643v4.1.3
... (truncated)
Commits
08c6903Prepare v5.0.0 release (#2238)9f26565Update actions checkout to use node 24 (#2226)- See full diff in compare view
Updates actions/download-artifact from 4 to 5
Release notes
Sourced from actions/download-artifact's releases.
v5.0.0
What's Changed
- Update README.md by
@nebuk89in actions/download-artifact#407- BREAKING fix: inconsistent path behavior for single artifact downloads by ID by
@GrantBirkiin actions/download-artifact#416v5.0.0
🚨 Breaking Change
This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.
What Changed
Previously, single artifact downloads behaved differently depending on how you specified the artifact:
- By name:
name: my-artifact→ extracted topath/(direct)- By ID:
artifact-ids: 12345→ extracted topath/my-artifact/(nested)Now both methods are consistent:
- By name:
name: my-artifact→ extracted topath/(unchanged)- By ID:
artifact-ids: 12345→ extracted topath/(fixed - now direct)Migration Guide
✅ No Action Needed If:
- You download artifacts by name
- You download multiple artifacts by ID
- You already use
merge-multiple: trueas a workaround⚠️ Action Required If:
You download single artifacts by ID and your workflows expect the nested directory structure.
Before v5 (nested structure):
- uses: actions/download-artifact@v4 with: artifact-ids: 12345 path: dist # Files were in: dist/my-artifact/Where
my-artifactis the name of the artifact you previously uploadedTo maintain old behavior (if needed):
</tr></table>
... (truncated)
Commits
634f93cMerge pull request #416 from actions/single-artifact-id-download-pathb19ff43refactor: resolve download path correctly in artifact download tests (mainly ...e262cbebundle distbff23f9update docsfff8c14fix download path logic when downloading a single artifact by id448e3f8Merge pull request #407 from actions/nebuk89-patch-147225c4Update README.md- See full diff in compare view
Updates actions/attest-build-provenance from 2 to 3
Release notes
Sourced from actions/attest-build-provenance's releases.
v3.0.0
What's Changed
- Adjust node max-http-header-size setting by
@bdehamerin actions/attest-build-provenance#687- Bump actions/attest from v2.4.0 to v3.0.0 by
@bdehamerin actions/attest-build-provenance#691
- Bump to node24 runtime
- Improved checksum parsing
- Bump attest-build-provenance/predicate to v2.0.0 by
@bdehamerin actions/attest-build-provenance#693
- Bump to node24 runtime by
@bdehamerin actions/attest-build-provenance#692⚠️ Minimum Compatible Runner Version
v2.327.1 Release Notes
Make sure your runner is updated to this version or newer to use this release.
Full Changelog: https://github.com/actions/attest-build-provenance/compare/v2.4.0...v3.0.0
v2.4.0
What's Changed
- Bump undici from 5.28.5 to 5.29.0 by
@dependabotin actions/attest-build-provenance#633- Bump actions/attest from 2.3.0 to 2.4.0 by
@bdehamerin actions/attest-build-provenance#654
- Includes support for the new well-known summary file which will accumulate paths to all attestations generated in a given workflow run
Full Changelog: https://github.com/actions/attest-build-provenance/compare/v2.3.0...v2.4.0
v2.3.0
What's Changed
- Bump
actions/attestfrom 2.2.1 to 2.3.0 by@bdehamerin actions/attest-build-provenance#615
- Updates
@sigstore/ocifrom 0.4.0 to 0.5.0Full Changelog: https://github.com/actions/attest-build-provenance/compare/v2.2.3...v2.3.0
v2.2.3
What's Changed
- Pin actions/attest reference by commit SHA by
@bdehamerin actions/attest-build-provenance#493Full Changelog: https://github.com/actions/attest-build-provenance/compare/v2.2.2...v2.2.3
v2.2.2
What's Changed
- Bump predicate action from 1.1.4 to 1.1.5 by
@bdehamerin actions/attest-build-provenance#485
- Bump
@actions/attestfrom 1.5.0 to 1.6.0 by@bdehamerin actions/attest-build-provenance#484
- Update buildSLSAProvenancePredicate to populate
workflow.reffield from therefclaim in the OIDC token (actions/toolkit#1969)Full Changelog: https://github.com/actions/attest-build-provenance/compare/v2.2.1...v2.2.2
v2.2.1
... (truncated)
Commits
977bb37bump attest-build-provenance/predicate to v2.0.0 (#693)864457aBump to node24 runtime (#692)57aa2b0bump actions/attest from v2.4.0 to v3.0.0 (#691)8ee7163refactor eslint config (#690)91ca1c2Bump actions/checkout from 4.1.1 to 5.0.0 (#684)ff19f40custom node max-http-header-size (#687)8bd83f1pin workflow deps (#683)f0878deBump the npm-development group with 4 updates (#681)463e6dfBump the npm-development group with 3 updates (#678)fef91c1Bump the npm-development group with 6 updates (#673)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
Pull Request Statistics
Commits:
0
0
Files Changed:
0
0
Additions:
+0
+0
Deletions:
-0
-0
Package Dependencies
Technical Details
| ID: | 7125451 |
| UUID: | 3371842460 |
| Node ID: | PR_kwDOOpfpFs6mPcoJ |
| Host: | GitHub |
| Repository: | scientific-python/api-tracer |