Skip to content
This repository was archived by the owner on Jun 26, 2026. It is now read-only.

build(deps): bump the actions group across 1 directory with 16 updates#466

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-1936214078
Open

build(deps): bump the actions group across 1 directory with 16 updates#466
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-1936214078

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 16 updates in the / directory:

Package From To
open-policy-agent/setup-opa 2.3.0 2.4.0
actions/checkout 6.0.2 7.0.0
actions/setup-go 6.2.0 6.5.0
goreleaser/goreleaser-action 6.4.0 7.2.2
actions/upload-artifact 6.0.0 7.0.1
docker/setup-qemu-action 3.7.0 4.1.0
actions/download-artifact 7.0.0 8.0.1
aquasecurity/trivy-action 0.33.1 0.36.0
github/codeql-action/init 4.31.11 4.36.2
github/codeql-action/autobuild 4.31.11 4.36.2
github/codeql-action/analyze 4.31.11 4.36.2
jdx/mise-action 3.6.1 4.2.0
golangci/golangci-lint-action 9.2.0 9.2.1
dorny/paths-filter 3.0.2 4.0.1
jaxxstorm/action-install-gh-release 2.1.0 3.0.0
chainguard-images/actions/apko-publish 1.0.12 1.0.33

Updates open-policy-agent/setup-opa from 2.3.0 to 2.4.0

Release notes

Sourced from open-policy-agent/setup-opa's releases.

v2.4.0

What's Changed

New Contributors

Full Changelog: open-policy-agent/setup-opa@v2.3.0...v2.4.0

Commits
  • b2b258e Merge pull request #46 from open-policy-agent/upgradetypescript
  • 9953d86 oops
  • dc9ce97 Bump typescript to ^5.8.3
  • c41d925 Merge pull request #45 from open-policy-agent/dependabot/npm_and_yarn/depende...
  • 3d49f04 update dist files
  • 0f32bd1 build(deps): bump the dependencies group with 16 updates
  • 45aa888 Merge pull request #44 from open-policy-agent/dependabotnpm
  • 2655a4c add npm to dependabot
  • 87c8815 Merge pull request #42 from open-policy-agent/dependabot/github_actions/actio...
  • 621c82b build(deps): bump actions/checkout from 5 to 6
  • See full diff in compare view

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/setup-go from 6.2.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Full Changelog: actions/setup-go@v6...v6.3.0

Commits

Updates goreleaser/goreleaser-action from 6.4.0 to 7.2.2

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.2

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.2

v7.2.1

This fully removes the usage of the old nightly moving tag.

Full Changelog: goreleaser/goreleaser-action@v7.2.0...v7.2.1

v7.2.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.0

v7.1.0

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

v7.0.0

What's Changed

... (truncated)

Commits
  • 5daf1e9 fix: nightly resolution to select newest published release (#562)
  • 5cc7ebb ci: update actions
  • 702f5f9 ci(deps): bump the actions group with 3 updates (#560)
  • 1a80836 ci(nightly): pass GITHUB_TOKEN to nightly integration job
  • a71152e refactor: drop legacy 'nightly' tag fallback
  • 4c6ab56 feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)
  • 4f96abf feat: add version-file input (#556)
  • 15fa2a9 test: cover install across release eras (#555)
  • e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
  • be2e8a3 docs: document cosign verification in README (#553)
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • See full diff in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.1.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.1.0

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

v4.0.0

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits
  • 0611638 Merge pull request #21 from crazy-max/uninst
  • ce59c81 chore: update generated content
  • 2ddad44 uninstall current emulators
  • 8c37cd6 Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • d1a0ff3 chore: update generated content
  • 0a8f3dc build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.91.0
  • 9430f61 Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6
  • 978bd77 chore: update generated content
  • 3479feb build(deps): bump tmp from 0.2.5 to 0.2.6
  • b113c26 Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • Additional commits viewable in compare view

Updates actions/download-artifact from 7.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.33.1 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Release: 0.35.0

What's Changed

Full Changelog: aquasecurity/trivy-action@0.34.2...0.35.0

Release: v0.35.0

This release is a duplicate of 0.35.0 which was not compromised.

As part of our response to the recent supply chain attack, we have migrated all tags to use the v prefix (e.g., v0.35.0 instead of 0.35.0). Going forward, all new releases will use the v prefix convention.

We have intentionally kept the 0.35.0 tag intact to avoid breaking existing workflows that depend on it.

If you are currently using 0.35.0, your workflows are safe — no action is required.

Release: v0.34.0

Full Changelog: aquasecurity/trivy-action@v0.33.1...v0.34.0

Commits
  • ed142fd chore: update action version to v0.36.0 in examples (#563)
  • dea62cf chore(deps): Update trivy to v0.70.0 (#559)
  • 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
  • 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
  • dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
  • 4a2deec fix: use portable shebang in entrypoint.sh (#545)
  • 1994662 chore(deps): bump the actions group with 5 updates (#558)
  • 6b36659 chore: add zizmor config (#557)
  • 316aa5a ci: add dependabot config (#556)
  • 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
  • Additional commits viewable in compare view

Updates github/codeql-action/init from 4.31.11 to 4.36.2

Release notes

Sourced from github/codeql-action/init's releases.

v4.36.2

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

v4.36.1

No user facing changes.

v4.36.0

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

v4.35.5

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change witho...

    Description has been truncated

Bumps the actions group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [open-policy-agent/setup-opa](https://github.com/open-policy-agent/setup-opa) | `2.3.0` | `2.4.0` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.2.0` | `6.5.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.2.2` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.1.0` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.33.1` | `0.36.0` |
| [github/codeql-action/init](https://github.com/github/codeql-action) | `4.31.11` | `4.36.2` |
| [github/codeql-action/autobuild](https://github.com/github/codeql-action) | `4.31.11` | `4.36.2` |
| [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.31.11` | `4.36.2` |
| [jdx/mise-action](https://github.com/jdx/mise-action) | `3.6.1` | `4.2.0` |
| [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.2.1` |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.2` | `4.0.1` |
| [jaxxstorm/action-install-gh-release](https://github.com/jaxxstorm/action-install-gh-release) | `2.1.0` | `3.0.0` |
| [chainguard-images/actions/apko-publish](https://github.com/chainguard-images/actions) | `1.0.12` | `1.0.33` |



Updates `open-policy-agent/setup-opa` from 2.3.0 to 2.4.0
- [Release notes](https://github.com/open-policy-agent/setup-opa/releases)
- [Commits](open-policy-agent/setup-opa@950f159...b2b258e)

Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `actions/setup-go` from 6.2.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@7a3fe6c...924ae3a)

Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.2.2
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@e435ccd...5daf1e9)

Updates `actions/upload-artifact` from 6.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@b7c566a...043fb46)

Updates `docker/setup-qemu-action` from 3.7.0 to 4.1.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@c7c5346...0611638)

Updates `actions/download-artifact` from 7.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@37930b1...3e5f45b)

Updates `aquasecurity/trivy-action` from 0.33.1 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@b6643a2...ed142fd)

Updates `github/codeql-action/init` from 4.31.11 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@19b2f06...8aad20d)

Updates `github/codeql-action/autobuild` from 4.31.11 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@19b2f06...8aad20d)

Updates `github/codeql-action/analyze` from 4.31.11 to 4.36.2
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@19b2f06...8aad20d)

Updates `jdx/mise-action` from 3.6.1 to 4.2.0
- [Release notes](https://github.com/jdx/mise-action/releases)
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md)
- [Commits](jdx/mise-action@6d1e696...e6a8b39)

Updates `golangci/golangci-lint-action` from 9.2.0 to 9.2.1
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@1e7e51e...82606bf)

Updates `dorny/paths-filter` from 3.0.2 to 4.0.1
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@de90cc6...fbd0ab8)

Updates `jaxxstorm/action-install-gh-release` from 2.1.0 to 3.0.0
- [Release notes](https://github.com/jaxxstorm/action-install-gh-release/releases)
- [Commits](jaxxstorm/action-install-gh-release@6096f2a...25e24d2)

Updates `chainguard-images/actions/apko-publish` from 1.0.12 to 1.0.33
- [Release notes](https://github.com/chainguard-images/actions/releases)
- [Commits](chainguard-images/actions@86c7689...03241d6)

---
updated-dependencies:
- dependency-name: open-policy-agent/setup-opa
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.2.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action/autobuild
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: jdx/mise-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: golangci/golangci-lint-action
  dependency-version: 9.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: jaxxstorm/action-install-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: chainguard-images/actions/apko-publish
  dependency-version: 1.0.33
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 26, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants