Skip to content

chore(deps): update github-actions#163

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-actions
Open

chore(deps): update github-actions#163
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-actions

Conversation

@renovate

@renovate renovate Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/checkout action patch v6.0.2v6.0.3
actions/setup-go action minor v6.4.0v6.5.0
anthropics/claude-code-action (changelog) action digest f4fb5c6e90deca
anthropics/claude-code-action action patch v1.0.121v1.0.171
aws-actions/configure-aws-credentials action minor v6.1.3v6.2.2
azure/setup-helm action patch v5.0.0v5.0.1
dorny/paths-filter action patch v4.0.1v4.0.2
loft-sh/github-actions (changelog) action digest 53686d2b52efbd
loft-sh/github-actions (changelog) action digest 85d7023b5a50da
openai/codex-action action minor v1.8v1.11
slackapi/slack-github-action action patch v3.0.3v3.0.5

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

actions/setup-go (actions/setup-go)

v6.5.0

Compare Source

anthropics/claude-code-action (anthropics/claude-code-action)

v1.0.171

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.171

v1.0.170

Compare Source

v1.0.169

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.169

v1.0.168

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.168

v1.0.167

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.167

v1.0.166

Compare Source

What's Changed
New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.166

v1.0.165

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.165

v1.0.164

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.164

v1.0.163

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.163

v1.0.162

Compare Source

v1.0.161

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.161

v1.0.160

Compare Source

v1.0.159

Compare Source

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.159

v1.0.158

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.158

v1.0.157

Compare Source

v1.0.156

Compare Source

v1.0.155

Compare Source

v1.0.154

Compare Source

v1.0.153

Compare Source

v1.0.152

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.152

v1.0.151

Compare Source

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.151

v1.0.150

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.150

v1.0.149

Compare Source

What's Changed

  • fix(parse-sdk-options): prevent shell-quote from collapsing unquoted Bash(X:*) rules to bare Bash by @​alexglynn in #​1350
  • fix(mcp): align allowed-tools parser with SDK option parser by @​bymle in #​1373

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.149

v1.0.148

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.148

v1.0.147

Compare Source

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.147

v1.0.146

Compare Source

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.146

v1.0.145

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.145

v1.0.144

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.144

v1.0.143

Compare Source

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.143

v1.0.142

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.142

v1.0.141

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.141

v1.0.140

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.140

v1.0.139

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.139

v1.0.138

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.138

v1.0.137

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.137

v1.0.136

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.136

v1.0.135

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.135

v1.0.134

Compare Source

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.134

v1.0.133

Compare Source

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.133

v1.0.132

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.132

v1.0.131

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.131

v1.0.130

Compare Source

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.130

v1.0.129

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.129

v1.0.128

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.128

v1.0.127

Compare Source

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.127

v1.0.126

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.126

v1.0.125

Compare Source

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.125

v1.0.124

Compare Source

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.124

v1.0.123

Compare Source

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.123

v1.0.122

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.122

aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)

v6.2.2

Compare Source

v6.2.1

Compare Source

Bug Fixes

v6.2.0

Compare Source

Features
Bug Fixes
azure/setup-helm (azure/setup-helm)

v5.0.1

Compare Source

dorny/paths-filter (dorny/paths-filter)

v4.0.2

Compare Source

openai/codex-action (openai/codex-action)

v1.11

Compare Source

  • #​116 keep the permission profile helper backward compatible

v1.10

Compare Source

  • #​113 add Codex permission profile support

v1.9

Compare Source

  • #​85 update the internal setup-node pin to v6.3.0
slackapi/slack-github-action (slackapi/slack-github-action)

v3.0.5: Slack GitHub Action v3.0.5

Compare Source

Patch Changes
  • 96fddbe: fix: revert multiline yaml parsing indentation change

v3.0.4: Slack GitHub Action v3.0.4

Compare Source

Patch Changes

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

Claude finished @renovate[bot]'s task in 2m 17s —— View job


Review: Renovate dependency bump

  • Read full diff (42 files)
  • Verify SHA-pin consistency across the tree
  • Check for stale/mismatched pins and risky jumps

Findings

No bugs, security issues, or performance problems in the workflow/action changes. This is a clean SHA-pin bump.

Verified locally:

  • Every executable .github/ reference resolves to exactly one SHA per action — no split-brain pins:
    • checkoutdf4cb1c (v6.0.3), setup-go924ae3a (v6.5.0), claude-code-actionba0aafd (v1.0.168), codex-action52fe01e (v1.11), setup-helm9bc31f4 (v5.0.1), configure-aws-credentials517a711 (v6.2.2), paths-filter7b450ff (v4.0.2).
  • No stale old SHAs remain in any workflow/action YAML.
  • All version comments (# v...) match the update table in the PR body.

Minor (non-blocking)

Doc drift only: the old checkout pin de0fac2 # v6.0.2 still appears in example snippets in several README.md files (publish-helm-chart, go-licenses, checkov, subtree-mirror, govulncheck). Not executed, so no functional impact — Renovate just doesn't rewrite doc examples. Worth a periodic sweep to keep examples current, but nothing to block this PR on.

Note on verification scope

I confirmed internal consistency across the repo. I could not cryptographically confirm each tag→SHA mapping against GitHub (gh api / git ls-remote / WebFetch to github.com are blocked in this sandbox). The SHAs were produced by Renovate's digest resolution and the version comments are consistent, so risk is low, but a tag→SHA spot-check is left to the maintainer if desired.

Recommendation: Safe to merge. The bumps are patch/minor across trusted, already-pinned actions.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved by the shared auto-approve workflow because this PR matched the approval criteria.

For more information, see https://github.com/loft-sh/github-actions?tab=readme-ov-file#auto-approve-bot-prs.

@renovate renovate Bot force-pushed the renovate/github-actions branch from 4eafdd1 to b2f1f27 Compare July 9, 2026 03:10
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Claude finished @renovate[bot]'s task in 57s —— View job


Review: Renovate dependency bump (re-review after sync)

  • Read full diff (42 files)
  • Verify SHA-pin consistency across the tree
  • Check for bugs / security / risky jumps

Findings

No bugs, security issues, or performance problems. Clean SHA-pin bump across trusted, already-pinned actions.

Verified across the whole .github/ tree — every executable reference resolves to exactly one SHA per action, no split-brain pins:

Action SHA Version
actions/checkout df4cb1c v6.0.3
actions/setup-go 924ae3a v6.5.0
anthropics/claude-code-action 37b464c v1.0.169
openai/codex-action 52fe01e v1.11
azure/setup-helm 9bc31f4 v5.0.1
aws-actions/configure-aws-credentials 517a711 v6.2.2
dorny/paths-filter 7b450ff v4.0.2
ci-test-notify b5a50da ci-test-notify/v1
validate-renovate.yaml b52efbd validate-renovate/v1

Notes:

  • claude-code-action moved to v1.0.169 (37b464c) since the PR body was written (body says v1.0.168) — the sync picked up a newer patch. SHA is consistent everywhere it appears (both the # v1.0.169 pin in ai-pr-review/action.yml and the # v1 float-tag comment in the claude*.yaml workflows point at the same commit). No mismatch.
  • No stale old SHAs remain in any workflow/action YAML.

Minor (non-blocking)

Doc drift only — the old de0fac2 # v6.0.2 checkout pin still appears in README example snippets (subtree-mirror, go-licenses, govulncheck, checkov, publish-helm-chart). Not executed, so no functional impact; Renovate doesn't rewrite doc examples. Worth a periodic sweep but nothing to block on.

Verification scope

I confirmed internal consistency across the repo. I could not cryptographically confirm each tag→SHA mapping against GitHub (network is blocked in this sandbox). The SHAs come from Renovate's digest resolution and the version comments are consistent, so risk is low; a tag→SHA spot-check is left to the maintainer if desired.

Recommendation: Safe to merge.

@renovate renovate Bot force-pushed the renovate/github-actions branch from b2f1f27 to 021a49f Compare July 9, 2026 08:09
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

Claude finished @renovate[bot]'s task in 44s —— View job


Review: Renovate dependency bump

  • Read full diff (43 files)
  • Verify SHA-pin consistency across the .github/ tree
  • Check for bugs / security / risky jumps

Findings

No bugs, security issues, or performance problems. Clean SHA-pin bump across trusted, already-pinned actions.

Every executable reference in .github/ resolves to exactly one SHA per action — no split-brain pins:

Action SHA Version
actions/checkout df4cb1c v6.0.3
actions/setup-go 924ae3a v6.5.0
anthropics/claude-code-action 37b464c v1.0.169 / # v1
openai/codex-action 52fe01e v1.11
azure/setup-helm 9bc31f4 v5.0.1
aws-actions/configure-aws-credentials 517a711 v6.2.2
dorny/paths-filter 7b450ff v4.0.2
ci-test-notify b5a50da ci-test-notify/v1
validate-renovate.yaml b52efbd validate-renovate/v1
  • claude-code-action is pinned to the same SHA (37b464c) whether commented # v1.0.169 (in ai-pr-review/action.yml) or # v1 (in the claude*.yaml workflows) — no mismatch. (Note: PR body says v1.0.168; the sync picked up the newer v1.0.169 patch.)
  • No stale old SHAs remain in any workflow/action YAML.

Minor (non-blocking)

Doc drift only — the old de0fac2 # v6.0.2 checkout pin still appears in README example snippets (checkov, go-licenses, govulncheck, publish-helm-chart, subtree-mirror, vcluster-release). Not executed, so no functional impact; Renovate doesn't rewrite doc examples. Worth a periodic sweep but nothing to block on.

Verification scope

Confirmed internal consistency across the repo. I could not cryptographically confirm each tag→SHA mapping against GitHub (network blocked in this sandbox). SHAs come from Renovate's digest resolution and version comments are consistent, so risk is low; a tag→SHA spot-check is left to the maintainer if desired.

Recommendation: Safe to merge — patch/minor bumps across trusted, already-pinned actions.

@renovate renovate Bot force-pushed the renovate/github-actions branch from 021a49f to 21a726e Compare July 10, 2026 01:59
@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown

Claude finished @renovate[bot]'s task in 46s —— View job


Review: Renovate dependency bump (re-review after sync)

  • Read full diff (43 files)
  • Verify SHA-pin consistency across the .github/ tree
  • Check for bugs / security / risky jumps

Findings

No bugs, security issues, or performance problems. Clean SHA-pin bump across trusted, already-pinned actions.

Every executable reference in .github/ resolves to exactly one SHA per action — no split-brain pins:

Action SHA Version
actions/checkout df4cb1c v6.0.3
actions/setup-go 924ae3a v6.5.0
anthropics/claude-code-action 536f2c3 v1.0.170 / # v1
openai/codex-action 52fe01e v1.11
azure/setup-helm 9bc31f4 v5.0.1
aws-actions/configure-aws-credentials 517a711 v6.2.2
dorny/paths-filter 7b450ff v4.0.2
ci-test-notify b5a50da ci-test-notify/v1
validate-renovate.yaml b52efbd validate-renovate/v1
  • claude-code-action moved again to v1.0.170 (536f2c3) since the last sync (PR body says v1.0.168, prior reviews saw v1.0.169). SHA is consistent across all 4 references — the # v1.0.170 pin in ai-pr-review/action.yml and the # v1 float-tag comments in the claude*.yaml workflows all point at the same commit. No mismatch.
  • No stale old SHAs remain in any executable workflow/action YAML.

Minor (non-blocking)

Doc drift only — the old checkout pin de0fac2 # v6.0.2 still appears in README example snippets (publish-helm-chart, go-licenses, vcluster-release, checkov, subtree-mirror, govulncheck — 10 occurrences). Not executed, so no functional impact; Renovate doesn't rewrite doc examples. Worth a periodic sweep but nothing to block on.

Verification scope

Confirmed internal consistency across the repo. I could not cryptographically confirm each tag→SHA mapping against GitHub (network blocked in this sandbox). SHAs come from Renovate's digest resolution and version comments are consistent, so risk is low; a tag→SHA spot-check is left to the maintainer if desired.

Recommendation: Safe to merge — patch/minor bumps across trusted, already-pinned actions.

@renovate renovate Bot force-pushed the renovate/github-actions branch from 21a726e to 4ef0d1c Compare July 11, 2026 03:28
@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown

Claude finished @renovate[bot]'s task in 45s —— View job


Review: Renovate dependency bump (re-review after sync)

  • Read full diff (46 files)
  • Verify SHA-pin consistency across the .github/ tree
  • Check for bugs / security / risky jumps

Findings

No bugs, security issues, or performance problems. Clean SHA-pin bump across trusted, already-pinned actions.

Every executable reference in .github/ resolves to exactly one SHA per action — no split-brain pins:

Action SHA Version
actions/checkout df4cb1c v6.0.3
actions/setup-go 924ae3a v6.5.0
anthropics/claude-code-action e90deca v1.0.171 / # v1
openai/codex-action 52fe01e v1.11
azure/setup-helm 9bc31f4 v5.0.1
aws-actions/configure-aws-credentials 517a711 v6.2.2
dorny/paths-filter 7b450ff v4.0.2
slackapi/slack-github-action fc46ded v3.0.4
ci-test-notify b5a50da ci-test-notify/v1
validate-renovate.yaml b52efbd validate-renovate/v1

Notes since the PR body / prior reviews were written:

  • claude-code-action moved again to v1.0.171 (e90deca) (body says v1.0.170; earlier reviews saw v1.0.168/169/170). SHA is consistent across all 4 references — the # v1.0.171 pin in ai-pr-review/action.yml and the # v1 float-tag comments in the claude*.yaml workflows all point at the same commit. No mismatch.
  • slackapi/slack-github-action bumped v3.0.3 → v3.0.4 (fc46ded) in this sync (not listed in the PR body table). Consistent across all 4 references.
  • No stale old SHAs remain in any executable workflow/action YAML.

Minor (non-blocking)

Doc drift only — the old checkout pin de0fac2 # v6.0.2 still appears in README example snippets (checkov, go-licenses, govulncheck, publish-helm-chart, subtree-mirror, vcluster-release — 10 occurrences). Not executed, so no functional impact; Renovate doesn't rewrite doc examples. Worth a periodic sweep but nothing to block on.

Verification scope

Confirmed internal consistency across the repo. I could not cryptographically confirm each tag→SHA mapping against GitHub (network blocked in this sandbox). SHAs come from Renovate's digest resolution and version comments are consistent, so risk is low; a tag→SHA spot-check is left to the maintainer if desired.

Recommendation: Safe to merge — patch/minor bumps across trusted, already-pinned actions.

@renovate renovate Bot force-pushed the renovate/github-actions branch from 4ef0d1c to 82dc414 Compare July 11, 2026 07:43
@github-actions

github-actions Bot commented Jul 11, 2026

Copy link
Copy Markdown

Claude finished @renovate[bot]'s task in 50s —— View job


Review: Renovate dependency bump (re-review after sync)

  • Read full diff (46 files)
  • Verify SHA-pin consistency across the .github/ tree
  • Check for bugs / security / risky jumps

Findings

No bugs, security issues, or performance problems. Clean SHA-pin bump across trusted, already-pinned actions.

Every executable reference in .github/ resolves to exactly one SHA per action — no split-brain pins:

Action SHA Version
actions/checkout df4cb1c v6.0.3
actions/setup-go 924ae3a v6.5.0
anthropics/claude-code-action e90deca v1.0.171 / # v1
openai/codex-action 52fe01e v1.11
azure/setup-helm 9bc31f4 v5.0.1
aws-actions/configure-aws-credentials 517a711 v6.2.2
dorny/paths-filter 7b450ff v4.0.2
slackapi/slack-github-action 0d95c9a v3.0.5
ci-test-notify b5a50da ci-test-notify/v1
validate-renovate.yaml b52efbd validate-renovate/v1

Note since prior reviews / PR body were written:

  • slackapi/slack-github-action moved further to v3.0.5 (0d95c9a) — PR body says v3.0.4, last review saw v3.0.4 (fc46ded). The sync picked up the newer patch. SHA is consistent across all 4 references.
  • claude-code-action is at v1.0.171 (e90deca), consistent across both the # v1.0.171 pin in ai-pr-review/action.yml and the # v1 float-tag comments in the claude*.yaml workflows.
  • No stale old SHAs remain in any executable workflow/action YAML.

Minor (non-blocking)

Doc drift only — the old checkout pin de0fac2 # v6.0.2 still appears in README example snippets (publish-helm-chart, go-licenses, vcluster-release, checkov, subtree-mirror, govulncheck). Not executed, so no functional impact; Renovate doesn't rewrite doc examples. Worth a periodic sweep but nothing to block on.

Verification scope

Confirmed internal consistency across the repo. I could not cryptographically confirm each tag→SHA mapping against GitHub (network blocked in this sandbox). SHAs come from Renovate's digest resolution and version comments are consistent, so risk is low; a tag→SHA spot-check is left to the maintainer if desired.

Recommendation: Safe to merge — patch/minor bumps across trusted, already-pinned actions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants