Skip to content

build(deps): bump the github-actions group across 1 directory with 16 updates#39

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-53c0599a1a
Open

build(deps): bump the github-actions group across 1 directory with 16 updates#39
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-53c0599a1a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown

Bumps the github-actions group with 16 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
actions/setup-node 6.3.0 6.4.0
actions/setup-go 6.3.0 6.5.0
ko-build/setup-ko 0.9 0.10
docker/metadata-action 6.0.0 6.1.0
docker/login-action 4.0.0 4.2.0
actions/attest-build-provenance 4.1.0 4.1.1
docker/setup-buildx-action 4.0.0 4.1.0
docker/build-push-action 7.0.0 7.2.0
actions-hub/kubectl 1.35.3 1.36.2
actions/cache 5.0.3 6.1.0
actions/upload-artifact 7.0.0 7.0.1
check-spelling/check-spelling 0.0.25 0.0.26
shimataro/ssh-key-action 2.8.0 2.8.1
astral-sh/setup-uv 7.3.0 8.2.0
github/codeql-action/upload-sarif 4.31.9 4.36.2

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

Updates actions/setup-go from 6.3.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

Full Changelog: actions/setup-go@v6...v6.4.0

Commits

Updates ko-build/setup-ko from 0.9 to 0.10

Release notes

Sourced from ko-build/setup-ko's releases.

v0.10

What's Changed

New Contributors

Full Changelog: ko-build/setup-ko@v0.9...v0.10

Commits
  • 61b4d1d Merge pull request #66 from ko-build/copilot/address-findings-report
  • 92951cd Harden composite action shell input handling
  • 369dc1f Merge pull request #64 from ko-build/dependabot/github_actions/actions/checko...
  • aa4f2f2 Bump actions/checkout from 6.0.3 to 7.0.0
  • 2e5f3a9 Merge pull request #62 from ko-build/dependabot/github_actions/all-22d6a8b472
  • fefb89f Update use-action.yaml
  • 074c423 Update Go version from 1.25 to 1.26 in CI workflow
  • d43b839 Bump the all group across 1 directory with 2 updates
  • 8719e8e Merge pull request #60 from ko-build/dependabot/github_actions/all-2c6e677ddc
  • 9beb6ab Bump actions/setup-go from 6.2.0 to 6.3.0 in the all group
  • Additional commits viewable in compare view

Updates docker/metadata-action from 6.0.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits
  • 80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 8e0ddab chore: update generated content
  • a8db14b chore(deps): Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • 63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
  • c6916a6 chore: update generated content
  • aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
  • 9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
  • 43dea76 chore: update generated content
  • 7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
  • e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
  • Additional commits viewable in compare view

Updates docker/login-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Full Changelog: docker/login-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits
  • 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 99df1a3 chore: update generated content
  • 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 4eefcd3 chore: update generated content
  • 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
  • e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 0bced94 chore: update generated content
  • 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
  • 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
  • Additional commits viewable in compare view

Updates actions/attest-build-provenance from 4.1.0 to 4.1.1

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.1.1

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

Full Changelog: actions/attest-build-provenance@v4.1.0...v4.1.1

Commits

Updates docker/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits
  • d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 92bc5c9 chore: update generated content
  • da11e35 build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
  • b5af94f chore: update generated content
  • 16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
  • d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
  • 28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
  • daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • 9725348 chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 7.0.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

v7.1.0

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits
  • f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 812d5fd chore: update generated content
  • b6f6693 chore(deps): Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0
  • c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 51bb284 chore: update generated content
  • 5f7884d chore(deps): Bump @​actions/core from 3.0.0 to 3.0.1
  • e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
  • 3804d49 chore: update generated content
  • 71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
  • 4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
  • Additional commits viewable in compare view

Updates actions-hub/kubectl from 1.35.3 to 1.36.2

Commits

Updates actions/cache from 5.0.3 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)...

    Description has been truncated

… updates

Bumps the github-actions group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.3.0` | `6.5.0` |
| [ko-build/setup-ko](https://github.com/ko-build/setup-ko) | `0.9` | `0.10` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.2.0` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `4.1.0` | `4.1.1` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.0.0` | `7.2.0` |
| [actions-hub/kubectl](https://github.com/actions-hub/kubectl) | `1.35.3` | `1.36.2` |
| [actions/cache](https://github.com/actions/cache) | `5.0.3` | `6.1.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [check-spelling/check-spelling](https://github.com/check-spelling/check-spelling) | `0.0.25` | `0.0.26` |
| [shimataro/ssh-key-action](https://github.com/shimataro/ssh-key-action) | `2.8.0` | `2.8.1` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.3.0` | `8.2.0` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.31.9` | `4.36.2` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

Updates `actions/setup-go` from 6.3.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4b73464...924ae3a)

Updates `ko-build/setup-ko` from 0.9 to 0.10
- [Release notes](https://github.com/ko-build/setup-ko/releases)
- [Commits](ko-build/setup-ko@d006021...61b4d1d)

Updates `docker/metadata-action` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@030e881...80c7e94)

Updates `docker/login-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@b45d80f...650006c)

Updates `actions/attest-build-provenance` from 4.1.0 to 4.1.1
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@a2bbfa2...0f67c3f)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f)

Updates `docker/build-push-action` from 7.0.0 to 7.2.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@d08e5c3...f9f3042)

Updates `actions-hub/kubectl` from 1.35.3 to 1.36.2
- [Release notes](https://github.com/actions-hub/kubectl/releases)
- [Commits](actions-hub/kubectl@934aaa4...2d0675e)

Updates `actions/cache` from 5.0.3 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@cdf6c1f...55cc834)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `check-spelling/check-spelling` from 0.0.25 to 0.0.26
- [Release notes](https://github.com/check-spelling/check-spelling/releases)
- [Commits](check-spelling/check-spelling@c635c2f...cfb6f7e)

Updates `shimataro/ssh-key-action` from 2.8.0 to 2.8.1
- [Release notes](https://github.com/shimataro/ssh-key-action/releases)
- [Changelog](https://github.com/shimataro/ssh-key-action/blob/v2/CHANGELOG.md)
- [Commits](shimataro/ssh-key-action@6b84f2e...87a8f06)

Updates `astral-sh/setup-uv` from 7.3.0 to 8.2.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@eac588a...fac544c)

Updates `github/codeql-action/upload-sarif` from 4.31.9 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@5d4e8d1...8aad20d)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: ko-build/setup-ko
  dependency-version: '0.10'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/metadata-action
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/attest-build-provenance
  dependency-version: 4.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions-hub/kubectl
  dependency-version: 1.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: check-spelling/check-spelling
  dependency-version: 0.0.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: shimataro/ssh-key-action
  dependency-version: 2.8.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 6, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 6, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Updated (UTC)
❌ Deployment failed
View logs
workers-playground-shrill-glitter-14b4 efbf04d Jul 06 2026, 08:31 AM

echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV

- uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "24.11.0"
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant