chore(deps): update github actions (main) #3162
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
oep-renovate
bot
requested review from
AlexanderBarabanov,
ashwinvaidya17 and
mramotowski
as code owners
Signed-off-by: oep-renovate[bot] <212772560+oep-renovate[bot]@users.noreply.github.com>
oep-renovate
bot
force-pushed
the
renovate/main-github-actions
branch
from
863d37a to
15d3d44
Compare
|
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v5.0.0->v6.0.0v5->v6v2.1.4->v2.2.0v5->v6v5->v6e797f83->83679a8v6.0.0->v6.1.0v4->v5v6.8.0->v7.1.4v3.30.6->v4.31.64ec90fb->3cdaaaav7.0.8->v7.0.9v43.0.15->v44.0.5v2.3.4->v2.5.0v2.13.1->v2.13.2Release Notes
actions/checkout (actions/checkout)
v6.0.0Compare Source
v5.0.1Compare Source
actions/create-github-app-token (actions/create-github-app-token)
v2.2.0Compare Source
Bug Fixes
Features
actions/download-artifact (actions/download-artifact)
v6Compare Source
actions/setup-node (actions/setup-node)
v6Compare Source
actions/setup-python (actions/setup-python)
v6.1.0Compare Source
What's Changed
Enhancements:
pip-installinput by @gowridurgad in #1201Dependency and Documentation updates:
allow-prereleasesby @yarikoptic in #979New Contributors
Full Changelog: actions/setup-python@v6...v6.1.0
actions/upload-artifact (actions/upload-artifact)
v5Compare Source
astral-sh/setup-uv (astral-sh/setup-uv)
v7.1.4: 🌈 Fix libuv closing bug on WindowsCompare Source
Changes
This release fixes the bug
Assertion failed: !(handle->flags & UV_HANDLE_CLOSING)on Windows runners🐛 Bug fixes
🧰 Maintenance
v7.1.3: 🌈 Support actCompare Source
Changes
This bug fix release adds support for https://github.com/nektos/act
It was previously broken because of a too new
undiciversion and TS transpilation target.Compatibility with act is now automatically tested.
🐛 Bug fixes
🧰 Maintenance
📚 Documentation
cache-dependency-glob@allanlewis (#676)v7.1.2: 🌈 Speed up extraction on WindowsCompare Source
Changes
@lazka fixed a bug that caused extracting uv to take up to 30s. Thank you!
🐛 Bug fixes
🧰 Maintenance
⬆️ Dependency updates
v7.1.1: 🌈 Fix empty workdir detection and lowest resolution strategyCompare Source
Changes
This release fixes a bug where the
working-directoryinput was not used to detect an empty work dir. It also fixes thelowestresolution strategy resolving to latest when only a lower bound was specified.Special thanks to @tpgillam for the first contribution!
🐛 Bug fixes
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
v7.1.0: 🌈 Support all the use casesCompare Source
Changes
Support all the use cases!!!
... well, that we know of.
This release adds support for some use cases that most users don't encounter but are useful for e.g. people running Gitea.
The input
resolution-strategylets you use the lowest possible version of uv from a version range. Useful if you want to test your tool with different versions of uv.If you use
activate-environmentthe path to the activated venv is now also exposed under the outputvenv.Downloaded python installations can now also be uploaded to the GitHub Actions cache backend. Useful if you are running in
actand have configured your own backend and don't want to download python again, and again over a slow internet connection.Finally the path to installed python interpreters is now added to the
PATHon Windows.🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
v7.0.0: 🌈 node24 and a lot of bugfixesCompare Source
Changes
This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.
This release also removes the deprecated input
server-urlwhich was used to download uv releases from a different server.The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.
Fixes
UV_CACHE_DIRis already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.uvprocesses running in the background. Starting with uv version0.8.24this action usesuv cache prune --ci --forceto ignore the running processesUV_NO_MODIFY_PATHUV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.Improvements
If you are using minimum version specifiers for the version of uv to install for example
This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo
to determine the highest matching candidate for the version specifier, which took much more time.
If you are using other specifiers like
0.8.xthis action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.🚨 Breaking changes
🐛 Bug fixes
UV_CACHE_DIRhas changed @jamesbraza (#601)🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates
github/codeql-action (github/codeql-action)
v4.31.6Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.6 - 01 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.5Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.5 - 24 Nov 2025
See the full CHANGELOG.md for more information.
v4.31.4Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.4 - 18 Nov 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.3Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
See the full CHANGELOG.md for more information.
v4.31.2Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.2 - 30 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.1Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.1 - 30 Oct 2025
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.See the full CHANGELOG.md for more information.
v4.31.0Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.0 - 24 Oct 2025
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #3222See the full CHANGELOG.md for more information.
v4.30.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.9 - 17 Oct 2025
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204See the full CHANGELOG.md for more information.
v4.30.8Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.30.7Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.7 - 06 Oct 2025
See the full CHANGELOG.md for more information.
v3.31.6Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.6 - 01 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.31.5Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.5 - 24 Nov 2025
See the full CHANGELOG.md for more information.
v3.31.4Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.4 - 18 Nov 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.31.3Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.3 - 13 Nov 2025
See the full CHANGELOG.md for more information.
v3.31.2Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.2 - 30 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.31.1Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.1 - 30 Oct 2025
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.See the full CHANGELOG.md for more information.
v3.31.0Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.31.0 - 24 Oct 2025
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #3222See the full CHANGELOG.md for more information.
v3.30.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.9 - 17 Oct 2025
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204See the full CHANGELOG.md for more information.
v3.30.8Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v3.30.7Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
3.30.7 - 06 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
peter-evans/create-pull-request (peter-evans/create-pull-request)
v7.0.9: Create Pull Request v7.0.9Compare Source
⚙️ Fixes an incompatibility with the recently released
actions/checkout@v6.What's Changed
ready_for_reviewby @ybiquitous in #3939add-pathsdefault behavior by @joeflack4 in #3928New Contributors
Full Changelog: peter-evans/create-pull-request@v7.0.8...v7.0.9
renovatebot/github-action (renovatebot/github-action)
v44.0.5Compare Source
Documentation
Miscellaneous Chores
minimumReleaseAgetonull(#972) (df0277d)Build System
Continuous Integration
v44.0.4Compare Source
Documentation
Miscellaneous Chores
Build System
Continuous Integration
v44.0.3Compare Source
Documentation
Miscellaneous Chores
Build System
Continuous Integration
v44.0.2Compare Source
Documentation
Build System
v44.0.1Compare Source
Bug Fixes
minimumReleaseAge(#963) (6681b3f)Miscellaneous Chores
v44.0.0Compare Source
⚠ BREAKING CHANGES
Features
Configuration
📅 Schedule: Branch creation - On day 1 of the month ( * * 1 * * ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.