Skip to content

chore(deps): bump the minor-updates group across 3 directories with 4 updates#168

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/minor-updates-2c528de8af
Open

chore(deps): bump the minor-updates group across 3 directories with 4 updates#168
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/minor-updates-2c528de8af

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-updates group with 2 updates in the / directory: makerxstudio/shared-config/.github/actions/ensure-sha-pinned-actions and astral-sh/setup-uv.
Bumps the minor-updates group with 1 update in the /.github/actions/build-docker directory: docker/setup-buildx-action.
Bumps the minor-updates group with 1 update in the /.github/actions/node-deploy-cdk directory: aws-actions/configure-aws-credentials.

Updates makerxstudio/shared-config/.github/actions/ensure-sha-pinned-actions from 2.2.0 to 2.4.0

Release notes

Sourced from makerxstudio/shared-config/.github/actions/ensure-sha-pinned-actions's releases.

v2.4.0

2.4.0 (2026-05-22)

Features

  • run audit before lint and test (319b03c)
  • run audit before lint and test (881e71f)

v2.3.0

2.3.0 (2026-05-21)

Features

  • ci: parameterize github zendesk workflow runners (3f56a50)
  • ci: parameterize node build workflow runners (1f9c426)
  • ci: parameterize node publish workflow runners (45ff361)
  • ci: parameterize python workflow runners (caaed69)
  • ci: parameterize reusable workflow runners (9cccf7a)
  • ci: parameterize sha pinning workflow runner (01ec026)
  • ci: parameterize zendesk github workflow runners (ecc04d0)
Changelog

Sourced from makerxstudio/shared-config/.github/actions/ensure-sha-pinned-actions's changelog.

Changelog

2.4.0 (2026-05-22)

Features

  • run audit before lint and test (319b03c)
  • run audit before lint and test (881e71f)

2.3.0 (2026-05-21)

Features

  • ci: parameterize github zendesk workflow runners (3f56a50)
  • ci: parameterize node build workflow runners (1f9c426)
  • ci: parameterize node publish workflow runners (45ff361)
  • ci: parameterize python workflow runners (caaed69)
  • ci: parameterize reusable workflow runners (9cccf7a)
  • ci: parameterize sha pinning workflow runner (01ec026)
  • ci: parameterize zendesk github workflow runners (ecc04d0)

2.2.0 (2026-05-06)

Features

  • deploy-bicep: expose bicep-version input (c7566de)
  • deploy-bicep: expose bicep-version input (e991336)

2.1.0 (2026-05-06)

Features

  • Add sbom-flags input and harden SBOM steps (a4ff264)
  • Add sbom-flags input and harden SBOM steps against command injection (9e60a18)

Bug Fixes

  • correct artifact extraction glob for download-artifact v8 (e07f75b)
  • correct artifact extraction glob for download-artifact v8 (3d419a9)

2.0.1 (2026-04-08)

Bug Fixes

... (truncated)

Commits
  • f63ff13 chore(main): release 2.4.0 (#157)
  • 319b03c Merge pull request #156 from MakerXStudio/staff0rd/audit-earlier
  • 881e71f refactor(ci): run audit before lint and test
  • 20a8ce8 Merge pull request #155 from MakerXStudio/release-please--branches--main
  • e7f5a61 chore(main): release 2.3.0
  • 9cccf7a Merge pull request #154 from MakerXStudio/feat/parameterize-workflow-runners
  • f81c405 refactor(ci): rename runner input to runs-on
  • 01ec026 feat(ci): parameterize sha pinning workflow runner
  • ecc04d0 feat(ci): parameterize zendesk github workflow runners
  • 3f56a50 feat(ci): parameterize github zendesk workflow runners
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 8.1.0 to 8.3.1

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.2.0 🌈 New inputs quiet and download-from-astral-mirror

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • f98e069 Change update-docs PR labels from 'update-docs' to 'documentation' (#945)
  • cd46263 chore: update known checksums for 0.11.27 (#944)
  • 11245c7 docs: update version references to v8.3.0 (#939)
  • d31148d Strip environment markers from detected uv dependency pins (#938)
  • 17c3989 Fix cache keys for Python version ranges (#937)
  • 3cc3c11 chore(deps): roll up Dependabot updates (#936)
  • 9225f84 chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)
  • fc16fa3 chore(deps): bump actions/checkout from 6.0.2 to 7.0.0 (#926)
  • a1a7345 ci: call docs update workflow from release (#933)
  • a5e9cbf docs: update version references to v8.2.0 (#932)
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 6.1.1 to 6.2.2

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.2.2

6.2.2 (2026-07-07)

Miscellaneous Chores

v6.2.1

6.2.1 (2026-06-26)

Bug Fixes

  • enforce allowed-account-ids on all auth paths (#1847) (4d281fb)

v6.2.0

6.2.0 (2026-06-01)

Features

Bug Fixes

  • skip credential check on output-env-credentials: false (#1778) (58e7c47)
  • assumeRole failing from session tag size too large (#1808) (d6f5dc3)

v6.1.3

6.1.3 (2026-05-27)

Bug Fixes

v6.1.2

6.1.2 (2026-05-26)

Bug Fixes

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.2.2 (2026-07-07)

Miscellaneous Chores

6.2.1 (2026-06-26)

Bug Fixes

  • enforce allowed-account-ids on all auth paths (#1847) (4d281fb)

6.2.0 (2026-06-01)

Features

Bug Fixes

  • skip credential check on output-env-credentials: false (#1778) (58e7c47)
  • assumeRole failing from session tag size too large (#1808) (d6f5dc3)

6.1.3 (2026-05-28)

Bug Fixes

  • fix: allow kubelet token symlink in #1805

6.1.2 (2026-05-26)

Bug Fixes

6.1.1 (2026-05-05)

Miscellaneous Chores

... (truncated)

Commits
  • 517a711 chore(main): release 6.2.2 (#1876)
  • d01d678 chore: release 6.2.2
  • 8efa52b chore(deps-dev): bump vitest dependencies (#1874)
  • 8e1eed5 chore(deps-dev): bump @​smithy/property-provider from 4.4.4 to 4.4.6 (#1869)
  • 112421a chore(deps-dev): bump @​biomejs/biome from 2.5.1 to 2.5.2 (#1868)
  • fbc01c6 chore(deps-dev): bump @​types/node from 26.0.1 to 26.1.0 (#1871)
  • b12ca87 chore(deps-dev): bump memfs from 4.57.8 to 4.58.0 (#1873)
  • d314f7f chore: Update dist
  • a53b65b chore(deps): bump @​aws-sdk/client-sts from 3.1076.0 to 3.1080.0 (#1867)
  • 338d2c1 chore(deps-dev): bump sigstore from 4.1.0 to 4.1.1 (#1864)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the minor-updates group with 2 updates in the / directory: [makerxstudio/shared-config/.github/actions/ensure-sha-pinned-actions](https://github.com/makerxstudio/shared-config) and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).
Bumps the minor-updates group with 1 update in the /.github/actions/build-docker directory: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action).
Bumps the minor-updates group with 1 update in the /.github/actions/node-deploy-cdk directory: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials).


Updates `makerxstudio/shared-config/.github/actions/ensure-sha-pinned-actions` from 2.2.0 to 2.4.0
- [Release notes](https://github.com/makerxstudio/shared-config/releases)
- [Changelog](https://github.com/MakerXStudio/shared-config/blob/main/CHANGELOG.md)
- [Commits](762d74b...f63ff13)

Updates `astral-sh/setup-uv` from 8.1.0 to 8.3.1
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@0880764...f98e069)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...bb05f3f)

Updates `aws-actions/configure-aws-credentials` from 6.1.1 to 6.2.2
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@d979d5b...517a711)

---
updated-dependencies:
- dependency-name: makerxstudio/shared-config/.github/actions/ensure-sha-pinned-actions
  dependency-version: 2.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 7, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

🛡️ SHA Pinned Actions Report

✅ All 28 file(s) passed — actions are allowed and pinned as required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants