Skip to content

Bump the actions group across 1 directory with 7 updates#1270

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-ff5ec6ee0d
Open

Bump the actions group across 1 directory with 7 updates#1270
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-ff5ec6ee0d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026
edited
Loading

Bumps the actions group with 7 updates in the / directory:

Package From To
actions/checkout 5 6
tj-actions/changed-files 46.0.5 47.0.6
github/codeql-action 3 4
actions/setup-node 4 6
release-drafter/release-drafter 6 7
peter-evans/slash-command-dispatch 4 5
actions/github-script 7.0.1 9.0.0

Updates actions/checkout from 5 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates tj-actions/changed-files from 46.0.5 to 47.0.6

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.6

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.5...v47.0.6

v47.0.5

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.4...v47.0.5

v47.0.4

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.6 - (2026-04-18)

🔄 Update

  • Updated README.md (#2817)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (c23d52b) - (github-actions[bot])

⚙️ Miscellaneous Tasks

  • deps: Bump lodash from 4.17.23 to 4.18.1 (#2837) (9426d40) - (dependabot[bot])
  • deps: Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#2843) (32de080) - (dependabot[bot])
  • deps: Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#2844) (2487d12) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.5.0 to 25.6.0 (#2846) (cef85a3) - (dependabot[bot])
  • deps-dev: Bump prettier from 3.8.1 to 3.8.3 (#2848) (7b082de) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.35.1 to 4.35.2 (#2849) (07224ca) - (dependabot[bot])
  • deps-dev: Bump jest from 30.2.0 to 30.3.0 (#2822) (2bb1357) - (dependabot[bot])
  • deps: Bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (#2829) (cc98117) - (dependabot[bot])
  • deps: Bump yaml from 2.8.2 to 2.8.3 (#2830) (786e421) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-jest from 29.15.0 to 29.15.1 (#2831) (726b41b) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.32.6 to 4.35.1 (#2834) (2c3585e) - (dependabot[bot])
  • deps: Bump actions/download-artifact from 8.0.0 to 8.0.1 (#2824) (3d37a7f) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.3.5 to 25.5.0 (#2825) (445b0eb) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.32.5 to 4.32.6 (#2819) (4f892cd) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.3.3 to 25.3.5 (#2820) (6118651) - (dependabot[bot])
  • deps: Bump actions/setup-node from 6.2.0 to 6.3.0 (#2818) (e517d7a) - (dependabot[bot])

⬆️ Upgrades

  • Upgraded to v47.0.5 (#2816)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (4750530) - (github-actions[bot])

47.0.5 - (2026-03-03)

🔄 Update

  • Updated README.md (#2805)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (35dace0) - (github-actions[bot])

  • Updated README.md (#2803)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> Co-authored-by: Tonye Jack jtonye@ymail.com (9ee99eb) - (github-actions[bot])

⚙️ Miscellaneous Tasks

... (truncated)

Commits
  • 9426d40 chore(deps): bump lodash from 4.17.23 to 4.18.1 (#2837)
  • 32de080 chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#2843)
  • 2487d12 chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#2844)
  • cef85a3 chore(deps-dev): bump @​types/node from 25.5.0 to 25.6.0 (#2846)
  • 7b082de chore(deps-dev): bump prettier from 3.8.1 to 3.8.3 (#2848)
  • 07224ca chore(deps): bump github/codeql-action from 4.35.1 to 4.35.2 (#2849)
  • 2bb1357 chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (#2822)
  • cc98117 chore(deps): bump nrwl/nx-set-shas from 4.4.0 to 5.0.1 (#2829)
  • 786e421 chore(deps): bump yaml from 2.8.2 to 2.8.3 (#2830)
  • 726b41b chore(deps-dev): bump eslint-plugin-jest from 29.15.0 to 29.15.1 (#2831)
  • Additional commits viewable in compare view

Updates github/codeql-action from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

v3.35.2

  • The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
  • The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
  • Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
  • Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
  • Update default CodeQL bundle version to 2.25.2. #3823

v3.35.1

v3.35.0

v3.34.1

  • Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

v3.34.0

  • Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
  • We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
  • Update default CodeQL bundle version to 2.25.0. #3585

v3.33.0

  • Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562 To opt out of this change:
    • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557
  • The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559
  • Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563
  • Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564
  • A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

v3.32.6

  • Update default CodeQL bundle version to 2.24.3. #3548

v3.32.5

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515
  • Reduced log levels for best-effort private package registry connection check failures to reduce noise from workflow annotations. #3516
  • Added an experimental change which lowers the minimum disk space requirement for improved incremental analysis, enabling it to run on standard GitHub Actions runners. We expect to roll this change out to everyone in March. #3498
  • Added an experimental change which allows the start-proxy action to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512
  • The previously experimental changes from versions 4.32.3, 4.32.4, 3.32.3 and 3.32.4 are now enabled by default. #3503, #3504

v3.32.4

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

4.32.3 - 13 Feb 2026

  • Added experimental support for testing connections to private package registries. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for Default Setup. #3466

4.32.2 - 05 Feb 2026

  • Update default CodeQL bundle version to 2.24.1. #3460

4.32.1 - 02 Feb 2026

  • A warning is now shown in Default Setup workflow logs if a private package registry is configured using a GitHub Personal Access Token (PAT), but no username is configured. #3422
  • Fixed a bug which caused the CodeQL Action to fail when repository properties cannot successfully be retrieved. #3421

4.32.0 - 26 Jan 2026

  • Update default CodeQL bundle version to 2.24.0. #3425

4.31.11 - 23 Jan 2026

  • When running a Default Setup workflow with Actions debugging enabled, the CodeQL Action will now use more unique names when uploading logs from the Dependabot authentication proxy as workflow artifacts. This ensures that the artifact names do not clash between multiple jobs in a build matrix. #3409
  • Improved error handling throughout the CodeQL Action. #3415
  • Added experimental support for automatically excluding generated files from the analysis. This feature is not currently enabled for any analysis. In the future, it may be enabled by default for some GitHub-managed analyses. #3318
  • The changelog extracts that are included with releases of the CodeQL Action are now shorter to avoid duplicated information from appearing in Dependabot PRs. #3403

4.31.10 - 12 Jan 2026

  • Update default CodeQL bundle version to 2.23.9. #3393

4.31.9 - 16 Dec 2025

No user facing changes.

4.31.8 - 11 Dec 2025

  • Update default CodeQL bundle version to 2.23.8. #3354

4.31.7 - 05 Dec 2025

  • Update default CodeQL bundle version to 2.23.7. #3343

4.31.6 - 01 Dec 2025

No user facing changes.

4.31.5 - 24 Nov 2025

  • Update default CodeQL bundle version to 2.23.6. #3321

4.31.4 - 18 Nov 2025

... (truncated)

Commits
  • 43d8420 Do not run Swift in debug artifacts after failure check
  • 76a687e Merge pull request #3804 from github/dependabot/npm_and_yarn/npm-minor-e84c60...
  • 751f3e2 Bump eslint-plugin-jsdoc from 62.8.1 to 62.9.0 in the npm-minor group
  • 808513f Update language aliases test
  • e452857 Throw error early rather than warning
  • b623f5f Merge pull request #3799 from github/mario-campos/test-multiple-registries
  • See full diff in compare view

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Updates release-drafter/release-drafter from 6 to 7

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.0.0

What's Changed

Breaking

Bug Fixes

Maintenance

Documentation

Other changes

Dependency Updates

Full Changelog: release-drafter/release-drafter@v6.4.0...v7.0.0

v6.4.0

What's Changed

New

Maintenance

... (truncated)

Commits
  • 5de9358 7.2.0
  • e50d61c chore: rebuild dist
  • d3a61d3 chore: fix npm audit vulnerabilities
  • 8bfa279 build(deps): bump lodash and @​graphql-codegen/plugin-helpers (#1589)
  • c2a8a67 chore: remove engine-strict from .npmrc to fix Dependabot resolution
  • e51e4ad chore(deps): update dependency typescript to 6.0.2 (#1587)
  • 0e7bd54 fix(deps): update dependency @​actions/github to 9.1.0 (#1586)
  • 9c0b0a8 chore(deps): update dependency yaml to 2.8.3 (#1580)
  • b27f820 chore(deps): update vitest to 4.1.4 (#1585)
  • eb90534 ci(deps): update peter-evans/create-pull-request action to v8 (#1588)
  • Additional commits viewable in compare view

Updates peter-evans/slash-command-dispatch from 4 to 5

Release notes

Sourced from peter-evans/slash-command-dispatch's releases.

Slash Command Dispatch v5.0.0

What's new in v5

What's Changed

New Contributors

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code major An incompatible API change labels Mar 16, 2026
@netlify
Copy link
Copy Markdown

netlify Bot commented Mar 16, 2026
edited
Loading

Deploy Preview for testcontainers-node ready!

Name Link
🔨 Latest commit 95892f8
🔍 Latest deploy log https://app.netlify.com/projects/testcontainers-node/deploys/69eeb1ab4d70a50009991b45
😎 Deploy Preview https://deploy-preview-1270--testcontainers-node.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-ff5ec6ee0d branch from 726279c to 82cce33 Compare March 23, 2026 00:45
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-ff5ec6ee0d branch from 82cce33 to f1e6e0b Compare March 30, 2026 00:45
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-ff5ec6ee0d branch from f1e6e0b to d2bb8b2 Compare April 13, 2026 00:45
@dependabot
Bump the actions group across 1 directory with 7 updates
95892f8 
Bumps the actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `5` | `6` |
| [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.5` | `47.0.6` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |
| [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `6` | `7` |
| [peter-evans/slash-command-dispatch](https://github.com/peter-evans/slash-command-dispatch) | `4` | `5` |
| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` |



Updates `actions/checkout` from 5 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v5...v6)

Updates `tj-actions/changed-files` from 46.0.5 to 47.0.6
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@ed68ef8...9426d40)

Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

Updates `release-drafter/release-drafter` from 6 to 7
- [Release notes](https://github.com/release-drafter/release-drafter/releases)
- [Commits](release-drafter/release-drafter@v6...v7)

Updates `peter-evans/slash-command-dispatch` from 4 to 5
- [Release notes](https://github.com/peter-evans/slash-command-dispatch/releases)
- [Commits](peter-evans/slash-command-dispatch@v4...v5)

Updates `actions/github-script` from 7.0.1 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7.0.1...v9.0.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: peter-evans/slash-command-dispatch
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: release-drafter/release-drafter
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: tj-actions/changed-files
  dependency-version: 47.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-ff5ec6ee0d branch from d2bb8b2 to 95892f8 Compare April 27, 2026 00:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code major An incompatible API change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants