Bump the actions group across 1 directory with 6 updates

[dependabot]

Bumps the actions group with 6 updates in the / directory:

Package	From	To
actions/checkout	4	6
generoi/github-actions	1	2
dawidd6/action-download-artifact	20	21
actions/upload-artifact	7.0.0	7.0.1
actions/setup-node	6.3.0	6.4.0
actions/create-github-app-token	2	3

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates generoi/github-actions from 1 to 2

Commits

• 2e72ae9 fix(composer-update): extract update logic to a script; fix no-widen abort (#31)
• 7705c4c fix(composer-update): don't abort PR when all unhandled packages are no-widen...
• d5d37bc composer-update: widen with ^min_safe, not the patch-pinned ~min_safe (#29)
• faddb35 composer-update: loose-constraint fallback when tight ~X.Y.Z matches no versi...
• 496bbe8 composer-update: emit trailing newline from build_pkg_arg (#27)
• c765a89 composer-update: include direct-dep ancestors of transitives in update args (...
• 9e8d2e2 composer-update: derive ~min_safe.minor.0 constraints from composer audit dat...
• 48854fe composer-update: revert composer require outcomes that downgrade the package ...
• ccb7f60 composer-update: per-package retry so one unfixable package doesn't widen the...
• 070b579 composer-update: fix YAML block-scalar break in transitive BFS loop (#22)
• Additional commits viewable in compare view

Updates dawidd6/action-download-artifact from 20 to 21

Release notes

Sourced from dawidd6/action-download-artifact's releases.

v21

What's Changed

• build(deps): bump @​actions/github from 9.0.0 to 9.1.0 by @​dependabot[bot] in dawidd6/action-download-artifact#396
• build(deps): bump filesize from 11.0.15 to 11.0.16 by @​dependabot[bot] in dawidd6/action-download-artifact#399
• build(deps): bump fast-xml-parser from 5.5.7 to 5.7.1 by @​dependabot[bot] in dawidd6/action-download-artifact#402
• build(deps): bump @​actions/github from 9.1.0 to 9.1.1 by @​dependabot[bot] in dawidd6/action-download-artifact#400
• build(deps): bump @​actions/core from 3.0.0 to 3.0.1 by @​dependabot[bot] in dawidd6/action-download-artifact#401
• build(deps): bump filesize from 11.0.16 to 11.0.17 by @​dependabot[bot] in dawidd6/action-download-artifact#404
• Download artifacts in creation order by @​matejdro in dawidd6/action-download-artifact#398
• node_modules: update by @​dawidd6 in dawidd6/action-download-artifact#405

New Contributors

• @​matejdro made their first contribution in dawidd6/action-download-artifact#398

Full Changelog: dawidd6/action-download-artifact@v20...v21

Commits

• b6e2e70 node_modules: update (#405)
• 1708cb3 Download artifacts in creation order (#398)
• 00b585a build(deps): bump filesize from 11.0.16 to 11.0.17 (#404)
• 0414c42 build(deps): bump @​actions/core from 3.0.0 to 3.0.1 (#401)
• c802aad build(deps): bump @​actions/github from 9.1.0 to 9.1.1 (#400)
• ef06691 build(deps): bump fast-xml-parser from 5.5.7 to 5.7.1 (#402)
• 026702e build(deps): bump filesize from 11.0.15 to 11.0.16 (#399)
• 09d0677 build(deps): bump @​actions/github from 9.0.0 to 9.1.0 (#396)
• See full diff in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

• Upgrade @​actions dependencies by @​Copilot in actions/setup-node#1525
• Update Node.js versions in versions.yml and bump package to v6.4.0 by @​priya-kinthali in actions/setup-node#1533

New Contributors

• @​Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

• 48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
• ab72c7e Upgrade @​actions dependencies (#1525)
• See full diff in compare view

Updates actions/create-github-app-token from 2 to 3

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

• feat!: node 24 support (#275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)
• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)
• deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

Commits

• bcd2ba4 chore(main): release 3.2.0 (#370)
• f24bbd8 fix: validate private-key input (#376)
• 363531b docs: capitalize Git as a proper noun in README (#374)
• fd28011 docs: update procedure to configure Git (#287)
• 85eb8dd feat: support full repository names in repositories input (#372)
• c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
• e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
• 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
• 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
• 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
• Additional commits viewable in compare view

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.