From e53a2c126e4bb67229484d18345dbe461bcaaca5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 Apr 2026 06:33:59 +0000 Subject: [PATCH] ci(deps): bump the actions group with 9 updates Bumps the actions group with 9 updates: | Package | From | To | | --- | --- | --- | | [actions/setup-go](https://github.com/actions/setup-go) | `5` | `6` | | [actions/checkout](https://github.com/actions/checkout) | `3` | `6` | | [actions/github-script](https://github.com/actions/github-script) | `7` | `9` | | [actions/setup-node](https://github.com/actions/setup-node) | `3` | `6` | | [tibdex/github-app-token](https://github.com/tibdex/github-app-token) | `1` | `2` | | [docker/login-action](https://github.com/docker/login-action) | `2.1.0` | `4.1.0` | | [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `5.22.0` | `7.2.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `1.27.1` | `3.0.1` | Updates `actions/setup-go` from 5 to 6 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v5...v6) Updates `actions/checkout` from 3 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v6) Updates `actions/github-script` from 7 to 9 - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v7...v9) Updates `actions/setup-node` from 3 to 6 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v3...v6) Updates `tibdex/github-app-token` from 1 to 2 - [Release notes](https://github.com/tibdex/github-app-token/releases) - [Commits](https://github.com/tibdex/github-app-token/compare/v1...v2) Updates `docker/login-action` from 2.1.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2.1.0...v4.1.0) Updates `release-drafter/release-drafter` from 5.22.0 to 7.2.0 - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](https://github.com/release-drafter/release-drafter/compare/v5.22.0...v7.2.0) Updates `github/codeql-action` from 3 to 4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) Updates `slackapi/slack-github-action` from 1.27.1 to 3.0.1 - [Release notes](https://github.com/slackapi/slack-github-action/releases) - [Commits](https://github.com/slackapi/slack-github-action/compare/v1.27.1...v3.0.1) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: tibdex/github-app-token dependency-version: '2' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: release-drafter/release-drafter dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: slackapi/slack-github-action dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/adapter-code-coverage.yml | 10 +++++----- .github/workflows/code-path-changes.yml | 4 ++-- .github/workflows/cross-repo-issue.yml | 2 +- .github/workflows/issue_prioritization.yml | 2 +- .github/workflows/release.yml | 16 ++++++++-------- .github/workflows/security.yml | 4 ++-- .github/workflows/semgrep.yml | 6 +++--- .github/workflows/slack-stale-pr.yml | 2 +- .github/workflows/validate-merge.yml | 4 ++-- .github/workflows/validate.yml | 4 ++-- 10 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/adapter-code-coverage.yml b/.github/workflows/adapter-code-coverage.yml index 10dd9e89773..103107157cf 100644 --- a/.github/workflows/adapter-code-coverage.yml +++ b/.github/workflows/adapter-code-coverage.yml @@ -13,12 +13,12 @@ jobs: runs-on: ubuntu-latest steps: - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: 1.24.0 - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} @@ -26,7 +26,7 @@ jobs: - name: Discover Adapter Directories id: get_directories - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: result-encoding: string script: | @@ -71,7 +71,7 @@ jobs: rm -f -r ./* - name: Checkout Coverage Preview Branch - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: coverage-preview @@ -97,7 +97,7 @@ jobs: - name: Add Coverage Summary To Pull Request if: steps.run_coverage.outputs.coverage_dir != '' && steps.commit_coverage.outputs.remote_coverage_preview_dir != '' - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: script: | const utils = require('./.github/workflows/helpers/pull-request-utils.js') diff --git a/.github/workflows/code-path-changes.yml b/.github/workflows/code-path-changes.yml index 23e0c19db6d..f543394f479 100644 --- a/.github/workflows/code-path-changes.yml +++ b/.github/workflows/code-path-changes.yml @@ -22,10 +22,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v3 + uses: actions/checkout@v6 - name: Set up Node.js - uses: actions/setup-node@v3 + uses: actions/setup-node@v6 with: node-version: '18' diff --git a/.github/workflows/cross-repo-issue.yml b/.github/workflows/cross-repo-issue.yml index 2bea44a301c..a763397953d 100644 --- a/.github/workflows/cross-repo-issue.yml +++ b/.github/workflows/cross-repo-issue.yml @@ -12,7 +12,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 with: app_id: ${{ secrets.XREPO_APP_ID }} private_key: ${{ secrets.XREPO_PEM }} diff --git a/.github/workflows/issue_prioritization.yml b/.github/workflows/issue_prioritization.yml index ec58073d653..87803112f66 100644 --- a/.github/workflows/issue_prioritization.yml +++ b/.github/workflows/issue_prioritization.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Generate token id: generate_token - uses: tibdex/github-app-token@v2.1.0 + uses: tibdex/github-app-token@v2 with: app_id: ${{ secrets.PBS_PROJECT_APP_ID }} private_key: ${{ secrets.PBS_PROJECT_APP_PEM }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d3559732077..18d209a9117 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -26,13 +26,13 @@ jobs: contents: read steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 repository: ${{ github.repository }} ref: master - name: Check user permission - uses: actions/github-script@v7 + uses: actions/github-script@v9 id: check with: github-token: ${{ secrets.GITHUB_TOKEN }} @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 repository: ${{ github.repository }} @@ -69,7 +69,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Prebid Server - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Create & publish tag @@ -122,7 +122,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Prebid Server - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Build image @@ -130,7 +130,7 @@ jobs: docker build -t docker.io/prebid/prebid-server:${{ needs.publish-tag.outputs.releaseTag }} . - name: Login to docker Hub if: contains(inputs.debug, 'false') - uses: docker/login-action@v2.1.0 + uses: docker/login-action@v4.1.0 with: username: ${{ secrets.DOCKERHUB_USER }} password: ${{ secrets.DOCKERHUB_PASSWORD }} @@ -147,11 +147,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Prebid Server - uses: actions/checkout@v3 + uses: actions/checkout@v6 with: fetch-depth: 0 - name: Create & publish release - uses: release-drafter/release-drafter@v5.22.0 + uses: release-drafter/release-drafter@v7.2.0 with: name: ${{ needs.publish-tag.outputs.releaseTag }} tag: ${{ needs.publish-tag.outputs.releaseTag }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index d3831d8044f..e05901fd9da 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # Resolves to empty string for push events and falls back to HEAD. ref: ${{ github.event.pull_request.head.sha }} @@ -29,6 +29,6 @@ jobs: severity: 'CRITICAL,HIGH' - name: Upload Results To GitHub Security Tab - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 with: sarif_file: 'trivy-results.sarif' \ No newline at end of file diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml index 55fba5ee287..a932ba4e175 100644 --- a/.github/workflows/semgrep.yml +++ b/.github/workflows/semgrep.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{github.event.pull_request.head.ref}} @@ -20,7 +20,7 @@ jobs: - name: Calculate Code Diff id: calculate_diff - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: result-encoding: string script: | @@ -55,7 +55,7 @@ jobs: - name: Add Pull Request Comment id: add_pull_request_comment if: contains(steps.should_run_semgrep.outputs.hasChanges, 'true') - uses: actions/github-script@v7 + uses: actions/github-script@v9 with: github-token: ${{ secrets.GITHUB_TOKEN }} result-encoding: string diff --git a/.github/workflows/slack-stale-pr.yml b/.github/workflows/slack-stale-pr.yml index a610c3e7de9..9c2307facb6 100644 --- a/.github/workflows/slack-stale-pr.yml +++ b/.github/workflows/slack-stale-pr.yml @@ -19,7 +19,7 @@ jobs: ignoredLabels: "blocked" - name: Post to a Slack channel id: slack - uses: slackapi/slack-github-action@v1.27.1 + uses: slackapi/slack-github-action@v3.0.1 with: channel-id: ${{ secrets.SLACK_CHANNEL_ID }} slack-message: "${{ steps.local.outputs.message }}" diff --git a/.github/workflows/validate-merge.yml b/.github/workflows/validate-merge.yml index ca633d47465..156b7513a1c 100644 --- a/.github/workflows/validate-merge.yml +++ b/.github/workflows/validate-merge.yml @@ -10,12 +10,12 @@ jobs: steps: - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: 1.24.0 - name: Checkout Merged Branch - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Validate run: | diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index df71d61612a..c0bb7a51205 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -16,12 +16,12 @@ jobs: steps: - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} - name: Checkout Code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # Resolves to empty string for push events and falls back to HEAD. ref: ${{ github.event.pull_request.head.sha }}