Skip to content

Bump the actions-production-dependencies group across 1 directory with 12 updates#220

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-production-dependencies-15436205ca
Open

Bump the actions-production-dependencies group across 1 directory with 12 updates#220
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-production-dependencies-15436205ca

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions-production-dependencies group with 12 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
actions/setup-python 6.2.0 6.3.0
umbrelladocs/action-linkspector 1.4.1 1.5.4
docker/login-action 4.1.0 4.3.0
docker/setup-qemu-action 4.0.0 4.2.0
docker/setup-buildx-action 4.0.0 4.2.0
docker/build-push-action 7.1.0 7.3.0
fossas/fossa-action 1.9.0 2.0.0
gradle/actions/wrapper-validation 6.1.0 6.2.0
actions/upload-artifact 7.0.0 7.0.1
github/codeql-action/upload-sarif 4.35.1 4.36.3
actions/stale 10.2.0 10.3.0

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Commits

Updates actions/setup-python from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-python's releases.

v6.3.0

What's Changed

Enhancement

Dependency update

Documentation

New Contributors

Full Changelog: actions/setup-python@v6...v6.3.0

Commits

Updates umbrelladocs/action-linkspector from 1.4.1 to 1.5.4

Release notes

Sourced from umbrelladocs/action-linkspector's releases.

Release v1.5.4

v1.5.4: PR #66 - Revise README for sponsorship and usage details

Release v1.5.3

v1.5.3: PR #65 - chore: bump linkspector version to 0.5.5 which uses puppeteer to 25.1.0

Release v1.5.2

v1.5.2: PR #61 - Update linkspector version to 0.5.3

Release v1.5.1

v1.5.1: PR #60 - Update linkspector version to 0.5.2

Release v1.5.0

v1.5.0: PR #59 - Update linkspector version to 0.5.1

Release v1.4.2

v1.4.2: PR #53 - Update linkspector version to 0.4.8

Commits
  • 6c637d7 Merge pull request #66 from UmbrellaDocs/gaurav-nelson-patch-1
  • fa9d82c Revise README for sponsorship and usage details
  • 84145af Merge pull request #63 from baywet/patch-1
  • efb9f52 fix: updates cache step version to avoid getting node20/24 warnings
  • 15f97e5 Merge pull request #65 from UmbrellaDocs/fix-62
  • 1032e96 chore: bump linkspector version to 0.5.5 which uses puppeteer to 25.1.0
  • 036f295 Merge pull request #61 from UmbrellaDocs/update-linkspector-version
  • c4668bb Update linkspector version to 0.5.3
  • 04a1ac5 Merge pull request #58 from UmbrellaDocs/arm64-runner-support
  • 07e5b12 feat: Add support for arm64 runners and system Chromium installation
  • Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.3.0

Release notes

Sourced from docker/login-action's releases.

v4.3.0

Full Changelog: docker/login-action@v4.2.0...v4.3.0

v4.2.0

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits
  • c99871d Merge pull request #1030 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...
  • b433555 [dependabot skip] chore: update generated content
  • 678a46a build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • f9a0aea Merge pull request #1031 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • cc1e4cb build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 02e1730 Merge pull request #1029 from docker/dependabot/npm_and_yarn/sigstore/verify-...
  • b548518 build(deps): bump @​sigstore/verify from 3.1.0 to 3.1.1
  • a244be3 Merge pull request #1027 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • ee0d698 [dependabot skip] chore: update generated content
  • 127dc2c build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • Additional commits viewable in compare view

Updates docker/setup-qemu-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.2.0

Full Changelog: docker/setup-qemu-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

Commits
  • 96fe6ef Merge pull request #315 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 31f08d3 [dependabot skip] chore: update generated content
  • 4e7017a build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 0eca235 Merge pull request #314 from crazy-max/fix-yarn-preapprove-actions-toolkit
  • ea66a41 chore: allow actions-toolkit to bypass yarn age gate
  • 451542b Merge pull request #308 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 532ae00 [dependabot skip] chore: update generated content
  • b6f5af6 build(deps): bump undici from 6.26.0 to 6.27.0
  • cf96b86 Merge pull request #304 from docker/dependabot/npm_and_yarn/tmp-0.2.7
  • f0ba643 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 7.1.0 to 7.3.0

Release notes

Sourced from docker/build-push-action's releases.

v7.3.0

Full Changelog: docker/build-push-action@v7.2.0...v7.3.0

v7.2.0

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits
  • 53b7df9 Merge pull request #1572 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 154298c [dependabot skip] chore: update generated content
  • cb1238b chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 24f845d Merge pull request #1566 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 9c69730 [dependabot skip] chore: update generated content
  • bc3a3a5 Merge pull request #1574 from docker/dependabot/github_actions/aws-actions/co...
  • a82c504 chore(deps): Bump js-yaml from 4.1.1 to 4.3.0
  • 0285a75 Merge pull request #1573 from docker/dependabot/github_actions/actions/cache-...
  • c6ad2a3 Merge pull request #1575 from docker/dependabot/github_actions/actions/checko...
  • d37484f Merge pull request #1564 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • Additional commits viewable in compare view

Updates fossas/fossa-action from 1.9.0 to 2.0.0

Release notes

Sourced from fossas/fossa-action's releases.

v2.0.0

Breaking change: Node 24 runtime

This action now runs on the Node 24 GitHub Actions runtime (previously Node 20), via #277.

  • GitHub-hosted runners: no action needed.
  • Self-hosted runners: you must be on a runner version that bundles the Node 24 runtime. Update your runner if you pin fossas/fossa-action@v2.

The @v1 line is unchanged and stays on Node 20, so existing @v1 users are not affected until they opt into @v2. #277 is the only change that touches the action's runtime code (dist/) — everything else below is CI or dev-tooling only.

Everything in v1.9.0 → v2.0.0

Action runtime

  • Upgrade to Node.js 24 and Yarn 4 (Corepack, packageManager: yarn@4.13.0, engines.node >= 24.0.0) — #277

CI / repo tooling (no effect on consumers)

  • Fix the repo's fossa test --diff CI step to work with push events (first push to a new branch falls back to diffing the default branch) — #278
  • Make dependabot ignore major-version bumps of @types/node#291

Dev-dependency bumps (no effect on consumers)

  • eslint 9.39.4 → 10.2.0 → 10.2.1 — #288, #297
  • @​typescript-eslint/eslint-plugin 8.58.0 → 8.58.2 — #290, #295
  • @​types/node 24.12.0 → 24.12.2 — #293
  • globals 17.4.0 → 17.5.0 — #294
  • @​eslint/compat 2.0.3 → 2.0.4 — #287

Full changelog: fossas/fossa-action@v1.9.0...v2.0.0

Commits
  • 29693cc Bump eslint from 10.2.0 to 10.2.1 (#297)
  • 4edee72 Bump @​typescript-eslint/eslint-plugin from 8.58.1 to 8.58.2 (#295)
  • 5ebf75c Bump globals from 17.4.0 to 17.5.0 (#294)
  • c765e94 Bump @​types/node from 24.12.0 to 24.12.2 (#293)
  • e23f415 Make dependabot ignore major version upgrades to @​types/node (#291)
  • b36611c Bump @​typescript-eslint/eslint-plugin from 8.58.0 to 8.58.1 (#290)
  • 255120c Bump @​eslint/compat from 2.0.3 to 2.0.4 (#287)
  • b5287b2 Bump eslint from 9.39.4 to 10.2.0 (#288)
  • fd9df06 Fix FOSSA test --diff step to work with push events (#278)
  • fca84c8 Upgrade to Node.js 24 and Yarn 4 (#277)
  • See full diff in compare view

Updates gradle/actions/wrapper-validation from 6.1.0 to 6.2.0

Release notes

Sourced from gradle/actions/wrapper-validation's releases.

v6.2.0

Highlights

This release brings significant behaviour improvements to Enhanced caching, improvements to the generated Job Summary, and a number of correctness and security fixes.

  1. Improved cache-cleanup mechanism. Cleanup of stale files from the Gradle User Home is now faster, and no longer depends on Gradle or a JVM. It works by inspecting the local file state directly, removing the Gradle invocation from the post-build step.
  2. More granular, more stable caching. The local build cache is stored as a separate cache entry, so it can be restored and invalidated independently of the main Gradle User Home entry. Transient Gradle housekeeping files are excluded from the cache, reducing its size and improving stability.
  3. Hide obsolete Job summaries in PR commments: When a new Job summary comment is added to a PR, previous outdated Job summaries are now hidden.
  4. Improved caching report in the job summary. The cache report now uses a single, consistent layout across all cache states and providers. Provider information is integrated directly into the report, and per-entry details are available in an expandable section. (#985)
  5. Correctness and security fixes. A unique cache key is now used per run attempt, so re-runs no longer collide; the job summary shows the cache key string rather than an internal id; and bundled dependencies have been updated, including a ReDoS fix and a fast-xml CVE fix.

What's Changed

New Contributors

Full Changelog: gradle/actions@v6.1.1...v6.2.0

v6.1.1

This release updates various dependency versions, resolving several reported security vulnerabilities. No functional changes are included

What's Changed

Full Changelog: gradle/actions@v6.1.0...v6.1.1

Commits

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates github/codeql-action/upload-sarif from 4.35.1 to 4.36.3

Release notes

Sourced from github/codeql-action/upload-sarif's releases.

v4.36.3

No user facing changes.

v4.36.2

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

v4.36.1

No user facing changes.

v4.36.0

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926

v4.35.5

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

v4.35.4

  • Update default CodeQL bundle version to

…h 12 updates

Bumps the actions-production-dependencies group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` |
| [umbrelladocs/action-linkspector](https://github.com/umbrelladocs/action-linkspector) | `1.4.1` | `1.5.4` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.3.0` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.3.0` |
| [fossas/fossa-action](https://github.com/fossas/fossa-action) | `1.9.0` | `2.0.0` |
| [gradle/actions/wrapper-validation](https://github.com/gradle/actions) | `6.1.0` | `6.2.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.35.1` | `4.36.3` |
| [actions/stale](https://github.com/actions/stale) | `10.2.0` | `10.3.0` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v6.0.2...v7)

Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

Updates `umbrelladocs/action-linkspector` from 1.4.1 to 1.5.4
- [Release notes](https://github.com/umbrelladocs/action-linkspector/releases)
- [Commits](UmbrellaDocs/action-linkspector@37c85bc...6c637d7)

Updates `docker/login-action` from 4.1.0 to 4.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@4907a6d...c99871d)

Updates `docker/setup-qemu-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@ce36039...96fe6ef)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...bb05f3f)

Updates `docker/build-push-action` from 7.1.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@bcafcac...53b7df9)

Updates `fossas/fossa-action` from 1.9.0 to 2.0.0
- [Release notes](https://github.com/fossas/fossa-action/releases)
- [Commits](fossas/fossa-action@ff70fe9...29693cc)

Updates `gradle/actions/wrapper-validation` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@50e97c2...3f131e8)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `github/codeql-action/upload-sarif` from 4.35.1 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@c10b806...54f647b)

Updates `actions/stale` from 10.2.0 to 10.3.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@b5d41d4...eb5cf3a)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-production-dependencies
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: umbrelladocs/action-linkspector
  dependency-version: 1.5.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: docker/login-action
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: fossas/fossa-action
  dependency-version: 2.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-production-dependencies
- dependency-name: gradle/actions/wrapper-validation
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-production-dependencies
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
- dependency-name: actions/stale
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants