Skip to content

chore(deps): bump the actions group with 5 updates#4

Merged
bradfair merged 1 commit into
mainfrom
dependabot/github_actions/actions-ec5c6b8c3e
Apr 21, 2026
Merged

chore(deps): bump the actions group with 5 updates#4
bradfair merged 1 commit into
mainfrom
dependabot/github_actions/actions-ec5c6b8c3e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 21, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown
Contributor

Bumps the actions group with 5 updates:

Package From To
actions/checkout 4.3.1 6.0.2
dorny/paths-filter 3.0.3 4.0.1
actions/setup-go 5.6.0 6.4.0
goreleaser/goreleaser-action 6.4.0 7.1.0
actions/create-github-app-token 1.12.0 3.1.1

Updates actions/checkout from 4.3.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates dorny/paths-filter from 3.0.3 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.1

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v4.0.0...v4.0.1

v4.0.0

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.1

v2.11.0

v2.10.2

v2.10.1

v2.10.0

v2.9.3

v2.9.2

v2.9.1

v2.9.0

... (truncated)

Commits
  • fbd0ab8 feat: add merge_group event support
  • efb1da7 feat: add dist/ freshness check to PR workflow
  • d8f7b06 Merge pull request #302 from dorny/issue-299
  • addbc14 Update README for v4
  • 9d7afb8 Update CHANGELOG for v4.0.0
  • 782470c Merge branch 'releases/v3'
  • ce10459 Merge pull request #294 from saschabratton/master
  • 5f40380 feat: update action runtime to node24
  • See full diff in compare view

Updates actions/setup-go from 5.6.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

... (truncated)

Commits

Updates goreleaser/goreleaser-action from 6.4.0 to 7.1.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.1.0

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

v7.0.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits
  • e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
  • be2e8a3 docs: document cosign verification in README (#553)
  • 5e53f8e ci: add release-major-tag workflow (#552)
  • 4068afa build: drop docker-bake in favor of plain npm (#551)
  • 213ec80 docs: add CONTRIBUTING with pre-commit workflow
  • 4b462d3 feat: verify release checksum and cosign signature (#550)
  • 01cbe07 docs: Upgrade import GPG action version (#547)
  • 2a473d7 ci(deps): bump the actions group with 5 updates (#546)
  • fdcf0b9 clean: leftover files from node 22(?)
  • 9881cc5 fix: use new static URL
  • Additional commits viewable in compare view

Updates actions/create-github-app-token from 1.12.0 to 3.1.1

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

  • improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

  • deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

BREAKING CHANGES

  • Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
  • Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

  • deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
  • deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
  • deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
  • deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

... (truncated)

Commits
  • 1b10c78 build(release): 3.1.1 [skip ci]
  • 07e2b76 fix: improve error message when app identifier is empty (#362)
  • ea01216 ci: remove publish-immutable-action workflow (#361)
  • 7bd0371 build(release): 3.1.0 [skip ci]
  • e6bd4e6 feat: add client-id input and deprecate app-id (#353)
  • 076e948 feat: update permission inputs (#358)
  • 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
  • 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
  • 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
  • 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

  • Chores
    • Updated GitHub Actions dependencies across CI/CD workflows including checkout, environment setup tools, release generation, and token management actions to the latest stable versions.

@dependabot
chore(deps): bump the actions group with 5 updates
d1dbc10 
Bumps the actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3.0.3` | `4.0.1` |
| [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.1.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `1.12.0` | `3.1.1` |


Updates `actions/checkout` from 4.3.1 to 6.0.2
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@34e1148...de0fac2)

Updates `dorny/paths-filter` from 3.0.3 to 4.0.1
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@d1c1ffe...fbd0ab8)

Updates `actions/setup-go` from 5.6.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@40f1582...4a36011)

Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.1.0
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@e435ccd...e24998b)

Updates `actions/create-github-app-token` from 1.12.0 to 3.1.1
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](actions/create-github-app-token@d72941d...1b10c78)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: goreleaser/goreleaser-action
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-version: 3.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 21, 2026
@coderabbitai

coderabbitai Bot commented Apr 21, 2026
edited
Loading

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Lite

Run ID: a1bc1c52-64fd-4595-a14b-35e6baa94c55

📥 Commits

Reviewing files that changed from the base of the PR and between 9ee3e3d and d1dbc10.

📒 Files selected for processing (3)
  • .github/workflows/ci.yml
  • .github/workflows/release-please.yml
  • .github/workflows/release.yml
📝 Walkthrough

Walkthrough

Three GitHub workflow files were updated with newer pinned versions of GitHub Actions: actions/checkout, actions/setup-go, goreleaser/goreleaser-action, dorny/paths-filter, and actions/create-github-app-token. No workflow logic, conditions, commands, or input parameters were modified.

Changes

Cohort / File(s) Summary
GitHub Actions Version Updates
.github/workflows/ci.yml, .github/workflows/release-please.yml, .github/workflows/release.yml		 Updated pinned action versions: actions/checkout (v4.3.1 → v6.0.2), actions/setup-go (v5.6.0 → v6.4.0), goreleaser/goreleaser-action (v6.4.0 → v7.1.0), dorny/paths-filter (v3.0.3 → v4.0.1), and actions/create-github-app-token (v1.12.0 → v3.1.1). All inputs and downstream usage remain unchanged.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~8 minutes

Poem

🐰 Hop along, actions new and bright,
Version bumps to set things right,
Checkout, setup, release with care,
Workflows faster, fresh as air!
🚀✨

Comment @coderabbitai help to get the list of available commands and usage tips.

hpt-bot[bot]
hpt-bot Bot approved these changes Apr 21, 2026
View reviewed changes

@hpt-bot hpt-bot Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by dependabot-automerge workflow

hpt-bot[bot]
hpt-bot Bot approved these changes Apr 21, 2026
View reviewed changes

@hpt-bot hpt-bot Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by dependabot-automerge workflow

hpt-bot[bot]
hpt-bot Bot approved these changes Apr 21, 2026
View reviewed changes

@hpt-bot hpt-bot Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by dependabot-automerge workflow

@bradfair bradfair added this pull request to the merge queue Apr 21, 2026
hpt-bot[bot]
hpt-bot Bot approved these changes Apr 21, 2026
View reviewed changes

@hpt-bot hpt-bot Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto-approved by dependabot-automerge workflow

Merged via the queue into main with commit 9f23fa2 Apr 21, 2026
10 checks passed
@bradfair bradfair deleted the dependabot/github_actions/actions-ec5c6b8c3e branch April 21, 2026 03:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

@hpt-bot hpt-bot[bot] hpt-bot[bot] approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bradfair