Bump the github-actions group across 1 directory with 9 updates #3805

dependabot · 2025-02-01T22:21:04Z

Bumps the github-actions group with 9 updates in the / directory:

Package	From	To
step-security/harden-runner	`2.5.1`	`2.10.4`
actions/checkout	`2.7.0`	`4.2.2`
arduino/setup-protoc	`1.3.0`	`3.0.0`
github/codeql-action	`2.21.3`	`3.28.8`
actions/dependency-review-action	`3.0.7`	`4.5.0`
actions/setup-java	`3.12.0`	`4.7.0`
google/osv-scanner-action	`8bd1ce1c4be9d98053ffd9e6e14585276a36762c`	`126676819209c3a606f31bc46ad974fba4f2012c`
ossf/scorecard-action	`2.3.3`	`2.4.0`
actions/upload-artifact	`4.3.3`	`4.6.0`

Updates step-security/harden-runner from 2.5.1 to 2.10.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.10.4

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

v2.10.2

What's Changed

Fixes low-severity command injection weaknesses The advisory is here: GHSA-g85v-wf27-67xc

Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

v2.10.1

What's Changed

Release v2.10.1 by @varunsh-coder in step-security/harden-runner#463 Bug fix: Resolves an issue where DNS resolution of .local domains was failing when using a Kind cluster in a GitHub Actions workflow.

Full Changelog: step-security/harden-runner@v2...v2.10.1

v2.10.0

What's Changed

Release v2.10.0 by @h0x0er and @varunsh-coder in step-security/harden-runner#455

ARM Support: Harden-Runner Enterprise tier now supports GitHub-hosted ARM runners. This includes all the features that apply to previously supported GitHub-hosted x64 Linux runners.

Full Changelog: step-security/harden-runner@v2...v2.10.0

v2.9.1

What's Changed

Release v2.9.1 by @h0x0er and @varunsh-coder in #440 This release includes two changes:

Updated markdown displayed in the job summary by the Harden-Runner Action.

Fixed a bug affecting Enterprise Tier customers where the agent attempted to upload telemetry for jobs with disable-telemetry set to true. No telemetry was uploaded as the endpoint was not in the allowed list.

Full Changelog: step-security/harden-runner@v2...v2.9.1

v2.9.0

What's Changed

Release v2.9.0 by @h0x0er and @varunsh-coder in step-security/harden-runner#435 This release includes:

... (truncated)

Commits

cb605e5 Merge pull request #496 from step-security/fix-enobufs
61144dd Update log statement
b8be370 Add try catch block
6f6fa07 Fix ENOBUFS issue
18f6947 Merge pull request #495 from AkhigbeEromo/Update-README
81f844e Edit docs
4c766de Merge branch 'Update-README' of https://github.com/AkhigbeEromo/harden-runner...
c9c5f32 Handle Ashish reviews
2877824 Merge branch 'main' into Update-README
be87de0 Clean up
Additional commits viewable in compare view

Updates actions/checkout from 2.7.0 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

v4.1.7

What's Changed

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

New Contributors

@orhantoy made their first contribution in actions/checkout#1774

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates arduino/setup-protoc from 1.3.0 to 3.0.0

Release notes

Sourced from arduino/setup-protoc's releases.

v3.0.0

What's Changed

Correct convetion typo in README by @nixpanic in arduino/setup-protoc#91

Bump @babel/traverse from 7.22.1 to 7.23.2 by @dependabot in arduino/setup-protoc#93

Upgrade to node 20 by @alessio-perugini in arduino/setup-protoc#95

New Contributors

@nixpanic made their first contribution in arduino/setup-protoc#91

Full Changelog: arduino/setup-protoc@v2.1.0...v3.0.0

v2.1.0

What's Changed

Expose path and version in outputs by @sebastienvermeille in arduino/setup-protoc#89

Bump semver from 7.5.1 to 7.5.2 by @dependabot in arduino/setup-protoc#87

bump semver to 7.5.3 by @alessio-perugini in arduino/setup-protoc#90

New Contributors

@sebastienvermeille made their first contribution in arduino/setup-protoc#89

Full Changelog: arduino/setup-protoc@v2.0.0...v2.1.0

v2.0.0

Changelog

Adding support for the MINOR.PATCH tag naming

Breaking

Support only the new protobuf versioning scheme arduino/setup-protoc#78

Full Changelog: arduino/setup-protoc@v1.3.0...v2.0.0

Contributors

@ajasmin

@woodruffw

@zeisss

Commits

c65c819 Upgrade to node 20 (#95)
52a53b4 Merge pull request #93 from arduino/dependabot/npm_and_yarn/babel/traverse-7....
cf7ab7f Bump @babel/traverse from 7.22.1 to 7.23.2
e2995ba Correct convetion typo in README (#91)
a8b67ba bump semver to 7.5.3 (#90)
1530d62 Bump semver from 7.5.1 to 7.5.2 (#87)
0fbeb49 Expose path and version in outputs (#89)
9b1ee5b v2 release note (#82)
28fd3e5 Support only the new protobuf versioning scheme (#78)
See full diff in compare view

Updates github/codeql-action from 2.21.3 to 3.28.8

Release notes

Sourced from github/codeql-action's releases.

v3.28.8

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

See the full CHANGELOG.md for more information.

v3.28.7

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.7 - 29 Jan 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.28.6

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

See the full CHANGELOG.md for more information.

v3.28.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

See the full CHANGELOG.md for more information.

v3.28.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.28.4 - 23 Jan 2025

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.28.8 - 29 Jan 2025

Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. #2744

3.28.7 - 29 Jan 2025

No user facing changes.

3.28.6 - 27 Jan 2025

Re-enable debug artifact upload for CLI versions 2.20.3 or greater. #2726

3.28.5 - 24 Jan 2025

Update default CodeQL bundle version to 2.20.3. #2717

3.28.4 - 23 Jan 2025

No user facing changes.

3.28.3 - 22 Jan 2025

Update default CodeQL bundle version to 2.20.2. #2707

Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the CodeQL Action sync tool and the Actions runner did not have Zstandard installed. #2710

Uploading debug artifacts for CodeQL analysis is temporarily disabled. #2712

3.28.2 - 21 Jan 2025

No user facing changes.

3.28.1 - 10 Jan 2025

CodeQL Action v2 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v3. For more information, see this changelog post. #2677

Update default CodeQL bundle version to 2.20.1. #2678

3.28.0 - 20 Dec 2024

Bump the minimum CodeQL bundle version to 2.15.5. #2655

Don't fail in the unusual case that a file is on the search path. #2660.

3.27.9 - 12 Dec 2024

... (truncated)

Commits

dd74661 Merge pull request #2746 from github/update-v3.28.8-a91a3f767
3210a3c Fix Kotlin version in changelog
72f9d02 Update changelog for v3.28.8
a91a3f7 Merge pull request #2744 from github/igfoo/kot2.1.10
c520fb5 Merge pull request #2745 from github/mergeback/v3.28.7-to-main-6e545590
3879c57 Add changelog entry
0c21937 Run "npm run build"
5a61bf0 Kotlin: The 2.20.3 release supports Kotlin 2.1.10.
163d119 Update checked-in dependencies
bcf5cec Update changelog and version after v3.28.7
Additional commits viewable in compare view

Updates actions/dependency-review-action from 3.0.7 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

Bump got from 14.4.2 to 14.4.3 by @dependabot in actions/dependency-review-action#844

Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in actions/dependency-review-action#847

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/dependency-review-action#849

Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in actions/dependency-review-action#850

fix: add summary comment on failure when warn-only: true by @ebickle in actions/dependency-review-action#827

Prepare for 4.5.0 release by @Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

@ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

v4.4.0

What's Changed

Fix for merge_group event bug by @Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: actions/dependency-review-action@v4.3.5...v4.4.0

v4.3.5

What's Changed

fix: getRefs function to handle merge_group events by @louis-bompart in actions/dependency-review-action#766

Create pull_request_template.md by @jonjanego in actions/dependency-review-action#794

Update CONTRIBUTING.md by @jonjanego in actions/dependency-review-action#793

Bump @types/node from 20.11.28 to 20.16.0 by @dependabot in actions/dependency-review-action#815

Upgrade transitive micromatch library by @elireisman in actions/dependency-review-action#829

Do not list changed dependencies in summary by @hmaurer in actions/dependency-review-action#828

Update stale.yaml by @jonjanego in actions/dependency-review-action#832

Bump got from 14.4.1 to 14.4.2 by @dependabot in actions/dependency-review-action#822

Bump eslint-plugin-jest and ts-jest by @Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

@louis-bompart made their first contribution in actions/dependency-review-action#766

@Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: actions/dependency-review-action@v4.3.4...v4.3.5

v4.3.4

What's Changed

Include all added dependencies in scorecard entries by @elireisman in actions/dependency-review-action#783

Update SPDX Expression Parsing by @febuiles in actions/dependency-review-action#719

This PR is a significant refactor of SPDX expression parsing that may fix some bugs, but unfortunately there are several related known issues that remain unresolved as of this version.

Full Changelog: actions/dependency-review-action@v4.3.3...v4.3.4

Notes for v4.3.3

What's Changed

Allow slashes in purl package names by @juxtin in actions/dependency-review-action#765

... (truncated)

Commits

3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
d6807b6 updating generated code
c89b41f addressing lint issues
eee97d8 incrementing project version
9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
2fc8e23 Using cross-spawn safe version
fb86db2 fix: resolve race conditions in async core.group calls
0a198ab fix: replace integer failureCount with boolean
fc499fc Merge branch 'main' into fix/comment-warn-only
Additional commits viewable in compare view

Updates actions/setup-java from 3.12.0 to 4.7.0

Release notes

Sourced from actions/setup-java's releases.

v4.7.0

What's Changed

Configure Dependabot settings by @HarithaVattikuti in actions/setup-java#722

README Update: Added a permissions section by @benwells in actions/setup-java#723

Upgrade cache from version 3.2.4 to 4.0.0 by @aparnajyothi-y in actions/setup-java#724

Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @dependabot in actions/setup-java#728

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-java#727

Upgrade @types/jest from 29.5.12 to 29.5.14 by @dependabot in actions/setup-java#729

New Contributors

@benwells made their first contribution in actions/setup-java#723

Full Changelog: actions/setup-java@v4...v4.7.0

v4.6.0

What's Changed

Add-ons:

Add Support for JetBrains Runtime by @gmitch215 in actions/setup-java#637
 - name: Checkout
   uses: actions/checkout@v4
 - name: Setup-java
   uses: actions/setup-java@v4
   with:
     distribution: ‘jetbrains’
     java-version: '21'
Bug fixes:

Fix Ubuntu-latest CI failures by @mahabaleshwars in actions/setup-java#693

New Contributors

@gmitch215 made their first contribution in actions/setup-java#637

Full Changelog: actions/setup-java@v4...v4.6.0

v4.5.0

What's Changed

Upgrade IA Publish by @Jcambass in #686

Bug fixes:

Improve archive extraction on windows runners without powershell core and Update micromatch dependency by @priyagupta108 in #689

Update workflows for GraalVM and Version Enhancements by @mahabaleshwars in #699

Refine isGhes logic by @jww3 in #697

New Contributors:

... (truncated)

Commits

3a4f6e1 Bump @types/jest from 29.5.12 to 29.5.14 (#729)
25f376e Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#727)
d4e4b6b Bump @actions/http-client from 2.2.1 to 2.2.3 (#728)
28b532b Create dependabot.yml (#722)
51ab6d2 Update cache from 3.2.4 to 4.0.0 (#724)
99d3141 Update README.md (#723)
7a6d8a8 Add Support for JetBrains Runtime (#637)
7136edc Fix sbt and x86 CI failures on Ubuntu-24 (#693)
8df1039 Refine isGhes logic (#697)
870c199 Update workflows for GraalVM and Version Enhancements (#699)
Additional commits viewable in compare view

Updates google/osv-scanner-action from 8bd1ce1c4be9d98053ffd9e6e14585276a36762c to 126676819209c3a606f31bc46ad974fba4f2012c

Commits

1266768 Merge pull request #50 from renovate-bot/renovate/workflows
c10cec9 chore(deps): update workflows
764c918 Merge pull request #53 from google/update-to-v1.9.2
af3118a Update unified workflow example to point to v1.9.2 reusable workflows
e994fd8 Update reusable workflows to point to v1.9.2 actions
f8115f2 Update actions to use v1.9.2 osv-scanner image
daa2c68 Merge pull request #48 from renovate-bot/renovate/workflows
af00d40 chore(deps): update workflows
c411404 Merge pull request #49 from google/update-to-v1.9.1
1ab2a61 Update unified workflow example to point to v1.9.1 reusable workflows
See full diff in compare view

Updates ossf/scorecard-action from 2.3.3 to 2.4.0

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.0

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @spencerschrock in ossf/scorecard-action#1410

🐛 lower license sarif alert threshold to 9 by @spencerschrock in ossf/scorecard-action#1411

Documentation

docs: dogfooding badge by @jkowalleck in ossf/scorecard-action#1399

New Contributors

@jkowalleck made their first contribution in ossf/scorecard-action#1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

Commits

62b2cac bump docker tag to v2.4.0 for release (#1414)
c09630c lower license score alert threshold to 9 (#1411)
cf8594c 🌱 Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)
de5fcb9 🌱 Bump the github-actions group with 2 updates (#1412)
a46b90b bump scorecard to v5.0.0 release (#1410)
9fc518d 🌱 Bump golang in the docker-images group (#1407)
a8eaa1b 🌱 Bump the github-actions group with 2 updates (#1408)
873d5fd 🌱 Bump the github-actions group across 1 directory with 2 updates (#...
54cc1fe 🌱 Bump the docker-images group with 2 updates (#1401)
82bcb91 🌱 Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.3 to 4.6.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.0

What's Changed

Expose env vars to control concurrency and timeout by @yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

fix: deprecated Node.js version in action by @hamirmahal in actions/upload-artifact#578

Add new artifact-digest output by @bdehamer in actions/upload-artifact#656

New Contributors

@hamirmahal made their first contribution in actions/upload-artifact#578

@bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

What's Changed

Undo indirect dependency updates from #627 by @joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

Bump @actions/artifact to 2.1.11 by @robherley in actions/upload-artifact#627

Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

What's Changed

Add a section about hidden files by @joshmgross in actions/upload-artifact#607

Add workflow file for publishing releases to immutable action package by @Jcambass in actions/upload-artifact#621

Update @actions/artifact to latest version, includes symlink and timeout fixes by @robherley in actions/upload-artifact#625

New Contributors

@Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: actions/upload-artifact@v4.4.0...v4.4.1

v4.4.0

Notice: Breaking Changes ⚠️

We will no longer include hidden files and folders by default in the upload-artifact action of this version. This reduces the risk that credentials are accidentally uploaded into artifacts. Customers who need to continue to upload these files can use a new option, include-hidden-files, to continue to do so.

See "Notice of upcoming deprecations and breaking changes in GitHub Actions runners" changelog and this issue for more details.

... (truncated)

Commits

65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
0207619 move files back to satisfy licensed ci
1ecca81 licensed cache updates
9742269 Expose env vars to controll concurrency and timeout
6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
c40c16d add new artifact-digest output
735efb4 bump @actions/artifact from 2.1.11 to 2.2.0
184... Description has been truncated

Bumps the github-actions group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.5.1` | `2.10.4` | | [actions/checkout](https://github.com/actions/checkout) | `2.7.0` | `4.2.2` | | [arduino/setup-protoc](https://github.com/arduino/setup-protoc) | `1.3.0` | `3.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `2.21.3` | `3.28.8` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `3.0.7` | `4.5.0` | | [actions/setup-java](https://github.com/actions/setup-java) | `3.12.0` | `4.7.0` | | [google/osv-scanner-action](https://github.com/google/osv-scanner-action) | `8bd1ce1c4be9d98053ffd9e6e14585276a36762c` | `126676819209c3a606f31bc46ad974fba4f2012c` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.6.0` | Updates `step-security/harden-runner` from 2.5.1 to 2.10.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@8ca2b8b...cb605e5) Updates `actions/checkout` from 2.7.0 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2.7.0...11bd719) Updates `arduino/setup-protoc` from 1.3.0 to 3.0.0 - [Release notes](https://github.com/arduino/setup-protoc/releases) - [Commits](arduino/setup-protoc@149f6c8...c65c819) Updates `github/codeql-action` from 2.21.3 to 3.28.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v2.21.3...dd74661) Updates `actions/dependency-review-action` from 3.0.7 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@7d90b4f...3b139cf) Updates `actions/setup-java` from 3.12.0 to 4.7.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](actions/setup-java@cd89f46...3a4f6e1) Updates `google/osv-scanner-action` from 8bd1ce1c4be9d98053ffd9e6e14585276a36762c to 126676819209c3a606f31bc46ad974fba4f2012c - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@8bd1ce1...1266768) Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@dc50aa9...62b2cac) Updates `actions/upload-artifact` from 4.3.3 to 4.6.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@6546280...65c4c4a) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: arduino/setup-protoc dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-java dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google/osv-scanner-action dependency-type: direct:production dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot requested a review from a team as a code owner February 1, 2025 22:21

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 1, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 9 updates #3805

Bump the github-actions group across 1 directory with 9 updates #3805

dependabot bot commented on behalf of github Feb 1, 2025

Bump the github-actions group across 1 directory with 9 updates #3805

Are you sure you want to change the base?

Bump the github-actions group across 1 directory with 9 updates #3805

Conversation

dependabot bot commented on behalf of github Feb 1, 2025

v2.10.4

What's Changed

v2.10.3

What's Changed

v2.10.2

What's Changed

v2.10.1

What's Changed

v2.10.0

What's Changed

v2.9.1

What's Changed

v2.9.0

What's Changed

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

v4.1.7

What's Changed

New Contributors

v4.1.6

What's Changed

v4.1.5

What's Changed

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v3.0.0

What's Changed

New Contributors

v2.1.0

What's Changed

New Contributors

v2.0.0

Changelog

Breaking

Contributors

v3.28.8

CodeQL Action Changelog

3.28.8 - 29 Jan 2025

v3.28.7

CodeQL Action Changelog

3.28.7 - 29 Jan 2025

v3.28.6

CodeQL Action Changelog

3.28.6 - 27 Jan 2025

v3.28.5

CodeQL Action Changelog

3.28.5 - 24 Jan 2025

v3.28.4

CodeQL Action Changelog

3.28.4 - 23 Jan 2025

CodeQL Action Changelog

[UNRELEASED]

3.28.8 - 29 Jan 2025

3.28.7 - 29 Jan 2025

3.28.6 - 27 Jan 2025

3.28.5 - 24 Jan 2025

3.28.4 - 23 Jan 2025

3.28.3 - 22 Jan 2025

3.28.2 - 21 Jan 2025