Skip to content

chore(deps): bump the dependencies group across 1 directory with 12 updates#24

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependencies-773afc397f
Open

chore(deps): bump the dependencies group across 1 directory with 12 updates#24
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependencies-773afc397f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 12 updates in the / directory:

Package From To
actions/checkout 6.0.2 6.0.3
actions/setup-node 6.3.0 6.4.0
CodSpeedHQ/action 4.11.1 4.17.0
actions/create-github-app-token 2.2.1 3.2.0
dependabot/fetch-metadata 2.5.0 3.1.0
actions/dependency-review-action 4.9.0 5.0.0
peter-evans/create-pull-request 8.1.0 8.1.1
actions/github-script 8.0.0 9.0.0
changesets/action 1.7.0 1.9.0
actions/cache 5.0.3 5.0.5
jwalton/gh-find-current-pr 1.3.3 1.3.5
codecov/codecov-action 5.5.2 6.0.1

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

Updates CodSpeedHQ/action from 4.11.1 to 4.17.0

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.17.0

Release Notes

🚀 Features

🐛 Bug Fixes

💼 Other

🏗️ Refactor

🧪 Testing

... (truncated)

Commits
  • 9d332c4 Release v4.17.0 🚀
  • 96afee1 chore: bump runner version to 4.17.0
  • a55be0f chore: bump runner version to 4.16.2
  • 3194d9a Release v4.15.1 🚀
  • 91dff45 chore: bump runner version to 4.15.1
  • c381be0 Release v4.15.0 🚀
  • 5cb7f66 chore: bump runner version to 4.15.0
  • 658a901 Release v4.14.0 🚀
  • 1d42668 chore: bump runner version to 4.14.0
  • db35df7 Release v4.13.1 🚀
  • Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.2.1 to 3.2.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.2.0

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

  • improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

  • deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

v3.0.0

3.0.0 (2026-03-14)

Bug Fixes

... (truncated)

Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

  • add support for enterprise-level GitHub Apps (#263) (952a2a7)
  • support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

  • deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
  • validate private-key input (#376) (f24bbd8)
Commits
  • bcd2ba4 chore(main): release 3.2.0 (#370)
  • f24bbd8 fix: validate private-key input (#376)
  • 363531b docs: capitalize Git as a proper noun in README (#374)
  • fd28011 docs: update procedure to configure Git (#287)
  • 85eb8dd feat: support full repository names in repositories input (#372)
  • c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
  • e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
  • 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
  • 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
  • 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
  • Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.5.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

New Contributors

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

... (truncated)

Commits
  • 25dd0e3 v3.1.0 (#692)
  • e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
  • 0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
  • 7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
  • 5168191 Updating dist build
  • 23882e1 build(deps): bump @​actions/github in the dependencies group
  • 1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
  • 43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
  • b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
  • c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
  • Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.9.0 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 8.1.0 to 8.1.1

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.1.1

What's Changed

Full Changelog: peter-evans/create-pull-request@v8.1.0...v8.1.1

Commits
  • 5f6978f fix: retry post-creation API calls on 422 eventual consistency errors (#4356)
  • d32e88d build(deps-dev): bump the npm group with 3 updates (#4349)
  • 8170bcc build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#4344)
  • 0041819 build(deps): bump picomatch (#4339)
  • b993918 build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#4334)
  • 36d7c84 build(deps-dev): bump undici from 6.23.0 to 6.24.0 (#4328)
  • a45d1fb build(deps): bump @​tootallnate/once and jest-environment-jsdom (#4323)
  • 3499eb6 build(deps): bump the github-actions group with 2 updates (#4316)
  • 3f3b473 build(deps): bump minimatch (#4311)
  • 6699836 build(deps-dev): bump the npm group with 2 updates (#4305)
  • See full diff in compare view

Updates actions/github-script from 8.0.0 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

Updates changesets/action from 1.7.0 to 1.9.0

Release notes

Sourced from changesets/action's releases.

v1.9.0

Minor Changes

  • #636 b072bcc Thanks @​bluwy! - Add a new @changesets/action/pr-comment sub-action to comment on PRs

  • #625 8795eee Thanks @​bluwy! - Add a new @changesets/action/pr-status sub-action to generate the changeset status comment for PRs as an alternative to the Changesets Bot.

Patch Changes

  • #535 34f64f6 Thanks @​Andarist! - Fixed an issue with GitHub releases not being created for successfully published packages when some packages failed to be published to the registry.

  • #632 1d54b9e Thanks @​bluwy! - Simplify internal implementation to get changelog entries for a package version

  • #629 e0c90aa Thanks @​bluwy! - Fix custom version and publish command argument parsing

  • #645 f9585d9 Thanks @​Andarist! - Improved force-push handling when using commitMode: "github-api" so updating an existing branch no longer temporarily resets the target branch to the base commit, avoiding cases where GitHub closes open pull requests during the update. This should remove a possibility of a GitHub state race that caused the force-pushed PRs not being reopened.

v1.8.0

Minor Changes

  • #258 f5dbf72 Thanks @​tom-sherman! - Support draft version PR modes with a new prDraft input. Use create to create new version PRs as drafts, or always to also convert existing version PRs back to draft when updating them.

Patch Changes

  • #502 6002dbd Thanks @​oshytiko! - Fixed initial .changeset state being picked up, when cwd parameter is provided

  • #536 81b3f61 Thanks @​radnan! - Fixed .changeset state being picked for the version command when cwd parameter is provided

Changelog

Sourced from changesets/action's changelog.

@​changesets/action

1.9.0

Minor Changes

…pdates

Bumps the dependencies group with 12 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [CodSpeedHQ/action](https://github.com/codspeedhq/action) | `4.11.1` | `4.17.0` |
| [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.2.1` | `3.2.0` |
| [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.1.0` | `8.1.1` |
| [actions/github-script](https://github.com/actions/github-script) | `8.0.0` | `9.0.0` |
| [changesets/action](https://github.com/changesets/action) | `1.7.0` | `1.9.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.3` | `5.0.5` |
| [jwalton/gh-find-current-pr](https://github.com/jwalton/gh-find-current-pr) | `1.3.3` | `1.3.5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.1` |



Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

Updates `CodSpeedHQ/action` from 4.11.1 to 4.17.0
- [Release notes](https://github.com/codspeedhq/action/releases)
- [Changelog](https://github.com/CodSpeedHQ/action/blob/main/CHANGELOG.md)
- [Commits](CodSpeedHQ/action@281164b...9d332c4)

Updates `actions/create-github-app-token` from 2.2.1 to 3.2.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](actions/create-github-app-token@29824e6...bcd2ba4)

Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@21025c7...25dd0e3)

Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@2031cfc...a1d282b)

Updates `peter-evans/create-pull-request` from 8.1.0 to 8.1.1
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@c0f553f...5f6978f)

Updates `actions/github-script` from 8.0.0 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@ed59741...3a2844b)

Updates `changesets/action` from 1.7.0 to 1.9.0
- [Release notes](https://github.com/changesets/action/releases)
- [Changelog](https://github.com/changesets/action/blob/main/CHANGELOG.md)
- [Commits](changesets/action@6a0a831...a45c4d5)

Updates `actions/cache` from 5.0.3 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@cdf6c1f...27d5ce7)

Updates `jwalton/gh-find-current-pr` from 1.3.3 to 1.3.5
- [Release notes](https://github.com/jwalton/gh-find-current-pr/releases)
- [Commits](jwalton/gh-find-current-pr@89ee579...f3d61b4)

Updates `codecov/codecov-action` from 5.5.2 to 6.0.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@671740a...e79a696)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: CodSpeedHQ/action
  dependency-version: 4.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: dependabot/fetch-metadata
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/dependency-review-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: changesets/action
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: jwalton/gh-find-current-pr
  dependency-version: 1.3.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants