Bump the actions-minor group across 1 directory with 2 updates#3965
Merged
mbg merged 2 commits intoJun 17, 2026
Merged
Conversation
Bumps the actions-minor group with 2 updates in the /.github/workflows directory: [actions/setup-java](https://github.com/actions/setup-java) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `actions/setup-java` from 5.2.0 to 5.3.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@be666c2...ad2b381) Updates `ruby/setup-ruby` from 1.310.0 to 1.312.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@afeafc3...12fd324) --- updated-dependencies: - dependency-name: actions/setup-java dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor - dependency-name: ruby/setup-ruby dependency-version: 1.312.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor ... Signed-off-by: dependabot[bot] <support@github.com>
github-actions
Bot
added
size/XS
Contributor
|
Pushed a commit to rebuild the Action. Please mark the PR as ready for review to trigger PR checks. |
Contributor
There was a problem hiding this comment.
Warning
- Copilot's review of this pull request may be incomplete because some of the changed files are excluded by your Copilot content exclusion settings. See Excluding content from Copilot for details.
Pull request overview
This PR updates pinned GitHub Action dependencies used by the PR-check workflow generation/templates, bumping actions/setup-java and ruby/setup-ruby to newer patch/minor releases. This keeps the repository’s generated CI checks aligned with upstream action fixes and security updates while preserving commit-SHA pinning.
Changes:
- Bump
actions/setup-javafromv5.2.0tov5.3.0(pinned by commit SHA) in the PR-check generator. - Bump
ruby/setup-rubyfromv1.310.0tov1.312.0(pinned by commit SHA) in the RuboCop multi-language check template. - Regenerate corresponding
.github/workflows/__*.ymloutputs (contents excluded by policy).
Show a summary per file
| File | Description |
|---|---|
| pr-checks/sync.ts | Updates the pinned actions/setup-java SHA/version used when generating workflows. |
| pr-checks/checks/rubocop-multi-language.yml | Updates the pinned ruby/setup-ruby SHA/version in the RuboCop multi-language template. |
| .github/workflows/__build-mode-autobuild.yml | Generated workflow updated (content excluded by policy). |
| .github/workflows/__rubocop-multi-language.yml | Generated workflow updated (content excluded by policy). |
| .github/workflows/__autobuild-direct-tracing-with-working-dir.yml | Generated workflow updated (content excluded by policy). |
Copilot's findings
Files excluded by content exclusion policy (3)
- .github/workflows/__autobuild-direct-tracing-with-working-dir.yml
- .github/workflows/__build-mode-autobuild.yml
- .github/workflows/__rubocop-multi-language.yml
- Files reviewed: 2/5 changed files
- Comments generated: 0
mbg
approved these changes
Jun 17, 2026
mbg
deleted the
dependabot/github_actions/dot-github/workflows/actions-minor-ea9362b8e5
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the actions-minor group with 2 updates in the /.github/workflows directory: actions/setup-java and ruby/setup-ruby.
Updates
actions/setup-javafrom 5.2.0 to 5.3.0Release notes
Sourced from actions/setup-java's releases.
Commits
ad2b381Bump@vercel/nccfrom 0.38.1 to 0.44.0 (#1018)b24df5bMake the Adoptopenjdk package type look at the Temurin repo first for latest ...43120bcImplement pagination with link headers for Adoptium based apis (#1014)ad9d6a6Bump@types/nodefrom 24.1.0 to 25.9.3 (#950)039af37Bump picomatch,@types/jest, jest, jest-circus and ts-jest (#1016)1756ab6Bump eslint-config-prettier from 8.10.0 to 10.1.8 (#881)662bb59Bump@typescript-eslint/eslint-pluginfrom 8.35.1 to 8.46.2 (#952)1071fc1fix: resolve npm audit vulnerabilities in fast-xml-builder and fast-xml-parse...576b821Merge pull request #674 from gdams/alpine307d3a2update readme for ubuntu sudo java_home behavior (#1013)Updates
ruby/setup-rubyfrom 1.310.0 to 1.312.0Release notes
Sourced from ruby/setup-ruby's releases.
Commits
12fd324Use BUNDLE_LOCKFILE when detecting the lockfilea99ac84Add jruby-9.4.15.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions