apache · dependabot · Nov 3, 2025
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: install dependencies
         run: npm install
       - name: run markdownlint
@@ -30,8 +30,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check out code
-        uses: actions/checkout@v4
-      - uses: actions/setup-python@v5
+        uses: actions/checkout@v5
+      - uses: actions/setup-python@v6
         with:
           python-version: '3.x'
       - name: install yamllint
@@ -43,15 +43,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: run misspell
         run: make misspell
 
   checklinks:
     name: linkspector
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Run linkspector
         uses: umbrelladocs/action-linkspector@v1
         with:
@@ -62,15 +62,15 @@ jobs:
   sanity:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: run sanitycheck.py
         run: python3 ./internal/tools/sanitycheck.py
 
   checklicense:
     runs-on: ubuntu-latest
     steps:
       - name: check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: install tools
         run: make install-tools
       - name: run checklicense

diff --git a/.github/workflows/component-build-images.yml b/.github/workflows/component-build-images.yml
@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Generate
         run: make clean docker-generate-protobuf
       - name: Check Clean Work Tree
@@ -133,7 +133,7 @@ jobs:
             setup-qemu: true
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - name: Load environment variables from .env file
@@ -189,7 +189,7 @@ jobs:
             max-parallelism = 2
       - name: Matrix Build and push demo images
         if: steps.check_changes.outputs.skip == 'false'
-        uses: docker/build-push-action@v6.15.0
+        uses: docker/build-push-action@v6.18.0
         with:
           context: ${{ matrix.file_tag.context }}
           file: ${{ matrix.file_tag.file }}

diff --git a/.github/workflows/dependabot-auto-update-protobuf-diff.yml b/.github/workflows/dependabot-auto-update-protobuf-diff.yml
@@ -18,7 +18,7 @@ jobs:
     if: github.event.pull_request.user.login == 'dependabot[bot]'
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           ref: ${{ github.head_ref }}
           token: ${{ secrets.DEPENDABOT_TOKEN }}

diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
@@ -15,9 +15,9 @@ jobs:
   fossa:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493  # v4.2.2
 
-      - uses: fossas/fossa-action@93a52ecf7c3ac7eb40f5de77fd69b1a19524de94  # v1.5.0
+      - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac  # v1.7.0
         with:
           api-key: ${{secrets.FOSSA_API_KEY}}
           team: OpenTelemetry
diff --git a/.github/workflows/gradle-wrapper-validation.yml b/.github/workflows/gradle-wrapper-validation.yml
@@ -13,6 +13,6 @@ jobs:
   validation:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-      - uses: gradle/actions/wrapper-validation@v4.3.0
+      - uses: gradle/actions/wrapper-validation@v5.0.0
diff --git a/.github/workflows/label-pr.yml b/.github/workflows/label-pr.yml
@@ -15,7 +15,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Check for changed files
         id: file_changes
@@ -35,7 +35,7 @@ jobs:
 
       - name: "Add Label: docs-update-required"
         if: steps.file_changes.outputs.docsUpdateRequired == 'true'
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             const issue_number = context.issue.number;
@@ -48,7 +48,7 @@ jobs:
 
       - name: "Add Label: helm-update-required"
         if: steps.file_changes.outputs.helmUpdateRequired == 'true'
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             const issue_number = context.issue.number;

diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -22,11 +22,11 @@ jobs:
       # Needed for GitHub OIDC token if publish_results is true
       id-token: write
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683    # v4.2.2
+      - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493    # v4.2.2
         with:
           persist-credentials: false
 
-      - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186    # v2.4.1
+      - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a    # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -36,7 +36,7 @@ jobs:
       # uploads of run results in SARIF format to the repository Actions tab.
       # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
       - name: "Upload artifact"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02    # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4    # v5.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -45,6 +45,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017    # v3.28.12
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee    # v4.31.2
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/run-integration-tests.yml b/.github/workflows/run-integration-tests.yml
@@ -14,7 +14,7 @@ jobs:
     if: github.event.review.state == 'APPROVED'
     steps:
       - name: check out code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: run tracetesting
         run: |
           make build && docker system prune -f && make run-tracetesting
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -12,7 +12,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           stale-pr-message: 'This PR was marked stale due to lack of activity. It will be closed in 7 days.'
           close-pr-message: 'Closed as inactive. Feel free to reopen if this PR is still being worked on.'