chore(deps): bump the github-actions group with 8 updates by dependabot[bot] · Pull Request #17 · zircote/rust-template

dependabot · 2026-02-16T16:29:56Z

Bumps the github-actions group with 8 updates:

Package	From	To
taiki-e/install-action	`2.67.25`	`2.67.30`
dependabot/fetch-metadata	`2.1.0`	`2.5.0`
docker/metadata-action	`5.5.1`	`5.10.0`
docker/build-push-action	`6.6.0`	`6.19.2`
softprops/action-gh-release	`2.0.8`	`2.5.0`
slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml	`2.0.0`	`2.1.0`
orhun/git-cliff-action	`4.5.0`	`4.7.0`
crate-ci/typos	`1.43.3`	`1.43.5`

Updates taiki-e/install-action from 2.67.25 to 2.67.30

Release notes

Sourced from taiki-e/install-action's releases.

2.67.30

Update cargo-nextest@latest to 0.9.127.

2.67.29

Update mise@latest to 2026.2.11.

Update cargo-no-dev-deps@latest to 0.2.21.

Update cargo-minimal-versions@latest to 0.1.36.

Update cargo-hack@latest to 0.6.43.

Update cargo-binstall@latest to 1.17.5.

Update osv-scanner@latest to 2.3.3.

Update martin@latest to 1.3.1.

Update parse-dockerfile@latest to 0.1.4.

2.67.28

Update uv@latest to 0.10.2.

Update syft@latest to 1.42.0.

Update mise@latest to 2026.2.9.

Update cyclonedx@latest to 0.30.0.

2.67.27

Update sccache@latest to 0.14.0.

Update typos@latest to 1.43.4.

Update mise@latest to 2026.2.8.

2.67.26

Update tombi@latest to 0.7.28.

Update mise@latest to 2026.2.7.

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

Update prek@latest to 0.3.3.

Update mise@latest to 2026.2.13.

[2.67.30] - 2026-02-13

Update cargo-nextest@latest to 0.9.127.

[2.67.29] - 2026-02-13

Update mise@latest to 2026.2.11.

Update cargo-no-dev-deps@latest to 0.2.21.

Update cargo-minimal-versions@latest to 0.1.36.

Update cargo-hack@latest to 0.6.43.

Update cargo-binstall@latest to 1.17.5.

Update osv-scanner@latest to 2.3.3.

Update martin@latest to 1.3.1.

Update parse-dockerfile@latest to 0.1.4.

[2.67.28] - 2026-02-11

Update uv@latest to 0.10.2.

Update syft@latest to 1.42.0.

Update mise@latest to 2026.2.9.

Update cyclonedx@latest to 0.30.0.

[2.67.27] - 2026-02-09

... (truncated)

Commits

288875d Release 2.67.30
ff61ba7 Update cargo-nextest@latest to 0.9.127
443c943 docs: Add note about tools installed by this action's side
44ad71d codegen: Update toml requirement from 0.9 to 1 (#1512)
541dbe1 Release 2.67.29
3f8c36b ci: Temporarily disable cygwin test
8c4bfde Update mise@latest to 2026.2.11
5516699 Update cargo-no-dev-deps@latest to 0.2.21
26d534b Update cargo-minimal-versions@latest to 0.1.36
21162aa Update cargo-hack@latest to 0.6.43
Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 2.1.0 to 2.5.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v2.5.0

What's Changed

Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot[bot] in dependabot/fetch-metadata#628

Bump the dev-dependencies group with 11 updates by @dependabot[bot] in dependabot/fetch-metadata#629

Bump actions/create-github-app-token from 2.0.6 to 2.1.1 by @dependabot[bot] in dependabot/fetch-metadata#635

Bump actions/create-github-app-token from 2.1.1 to 2.1.4 by @dependabot[bot] in dependabot/fetch-metadata#638

Bump actions/checkout from 4 to 5 by @dependabot[bot] in dependabot/fetch-metadata#636

Bump actions/setup-node from 4 to 5 by @dependabot[bot] in dependabot/fetch-metadata#637

Bump actions/setup-node from 5 to 6 by @dependabot[bot] in dependabot/fetch-metadata#639

Bump actions/create-github-app-token from 2.1.4 to 2.2.0 by @dependabot[bot] in dependabot/fetch-metadata#643

Bump actions/checkout from 5 to 6 by @dependabot[bot] in dependabot/fetch-metadata#642

Bump actions/create-github-app-token from 2.2.0 to 2.2.1 by @dependabot[bot] in dependabot/fetch-metadata#648

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in dependabot/fetch-metadata#644

Bump express from 5.1.0 to 5.2.1 by @dependabot[bot] in dependabot/fetch-metadata#645

Bump @modelcontextprotocol/sdk from 1.11.2 to 1.24.0 by @dependabot[bot] in dependabot/fetch-metadata#647

v2.5.0 by @fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#631

Full Changelog: dependabot/fetch-metadata@v2...v2.5.0

v2.4.0

What's Changed

Bump actions/create-github-app-token from 1.11.0 to 1.11.3 by @dependabot in dependabot/fetch-metadata#598

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in dependabot/fetch-metadata#578

Add missing @octokit/request-error to package.json by @jeffwidman in dependabot/fetch-metadata#605

Bump to ESLint 9 by @jeffwidman in dependabot/fetch-metadata#606

Stop using a node16 devcontainer image by @jeffwidman in dependabot/fetch-metadata#608

Make typescript compile to "es2022" by @jeffwidman in dependabot/fetch-metadata#609

Bump the dev-dependencies group across 1 directory with 8 updates by @dependabot in dependabot/fetch-metadata#607

Tidy up examples slightly by @jeffwidman in dependabot/fetch-metadata#611

Fixup some anchor tags that weren't deeplinking by @jeffwidman in dependabot/fetch-metadata#614

Remove unnecessary hardcoding of ref by @jeffwidman in dependabot/fetch-metadata#617

Bump actions/create-github-app-token from 1.11.3 to 2.0.2 by @dependabot in dependabot/fetch-metadata#616

Enable caching of npm install/npm ci for setup-node action by @jeffwidman in dependabot/fetch-metadata#618

Add workflow to publish new version of immutable action on every release by @jeffwidman in dependabot/fetch-metadata#623

Bump actions/create-github-app-token from 2.0.2 to 2.0.6 by @dependabot in dependabot/fetch-metadata#621

v2.4.0 by @fetch-metadata-action-automation in dependabot/fetch-metadata#594

Full Changelog: dependabot/fetch-metadata@v2...v2.4.0

v2.3.0

What's Changed

Bump actions/create-github-app-token from 1.10.2 to 1.10.3 by @dependabot in dependabot/fetch-metadata#537

Update readme to include an if conditional by @Nishnha in dependabot/fetch-metadata#548

Silence audit and funding messages from npm by @jeffwidman in dependabot/fetch-metadata#550

Bump actions/create-github-app-token from 1.10.3 to 1.11.0 by @dependabot in dependabot/fetch-metadata#554

fix readme action example by @CloudNStoyan in dependabot/fetch-metadata#563

Fixed missing outputs in action.yml by @CatChen in dependabot/fetch-metadata#564

Handle branch names containing dependency group by @CloudNStoyan in dependabot/fetch-metadata#565

... (truncated)

Commits

21025c7 v2.5.0
252291c Merge pull request #647 from dependabot/dependabot/npm_and_yarn/modelcontextp...
fa144c9 chore: Migrate jest expectation function
33c7a0b bug: Mock PR body in test
99c27ad Bump @modelcontextprotocol/sdk from 1.11.2 to 1.24.0
3837dcc Merge pull request #645 from dependabot/dependabot/npm_and_yarn/express-5.2.1
d411582 Bump express from 5.1.0 to 5.2.1
186ccbb Merge pull request #644 from dependabot/dependabot/npm_and_yarn/js-yaml-3.14.2
84c891e Bump js-yaml from 3.14.1 to 3.14.2
4542092 Merge pull request #648 from dependabot/dependabot/github_actions/actions/cre...
Additional commits viewable in compare view

Updates docker/metadata-action from 5.5.1 to 5.10.0

Release notes

Sourced from docker/metadata-action's releases.

v5.10.0

Bump @docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569

Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

Add tag-names output to return tag names without image base name by @crazy-max in docker/metadata-action#553

Bump @babel/runtime-corejs3 from 7.14.7 to 7.28.2 in docker/metadata-action#539

Bump @docker/actions-toolkit from 0.62.1 to 0.66.0 in docker/metadata-action#555

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/metadata-action#540

Bump csv-parse from 5.6.0 to 6.1.0 in docker/metadata-action#532

Bump semver from 7.7.2 to 7.7.3 in in docker/metadata-action#554

Bump tmp from 0.2.3 to 0.2.5 in docker/metadata-action#541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

New is_not_default_branch global expression by @crazy-max in docker/metadata-action#535

Allow to match part of the git tag or value for semver/pep440 types by @crazy-max in docker/metadata-action#536 docker/metadata-action#537

Bump @actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526

Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533

Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525

Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

v5.7.0

Global expressions support for labels and annotations by @crazy-max in docker/metadata-action#489

Support disabling outputs as environment variables by @omus in docker/metadata-action#497

Bump @docker/actions-toolkit from 0.44.0 to 0.56.0 in docker/metadata-action#507 docker/metadata-action#509

Bump csv-parse from 5.5.6 to 5.6.0 in docker/metadata-action#482

Bump moment-timezone from 0.5.46 to 0.5.47 in docker/metadata-action#501

Bump semver from 7.6.3 to 7.7.1 in docker/metadata-action#504

Full Changelog: docker/metadata-action@v5.6.1...v5.7.0

v5.6.1

Fix GitHub API request fallback for commit date by @crazy-max in docker/metadata-action#478

Revert to default commit SHA length of 7 by @crazy-max in docker/metadata-action#480

Full Changelog: docker/metadata-action@v5.6.0...v5.6.1

v5.6.0

Add commit_date global expression by @trim21 in docker/metadata-action#471 docker/metadata-action#475

Increase short commit sha length to 12 for uniqueness by @crazy-max in docker/metadata-action#467

Bump @actions/core from 1.10.1 to 1.11.1 docker/metadata-action#460

Bump @docker/actions-toolkit from 0.16.1 to 0.44.0 docker/metadata-action#391 docker/metadata-action#399 docker/metadata-action#413 docker/metadata-action#441

Bump braces from 3.0.2 to 3.0.3 docker/metadata-action#424

... (truncated)

Commits

c299e40 Merge pull request #569 from docker/dependabot/npm_and_yarn/docker/actions-to...
f015d79 chore: update generated content
121bcc2 chore(deps): Bump @docker/actions-toolkit from 0.67.0 to 0.68.0
f7b6bf4 Merge pull request #564 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
0b95c6b Merge pull request #565 from docker/dependabot/github_actions/actions/checkout-6
17f70d7 Merge pull request #568 from motoki317/docs/fix-to-24h-schedule-pattern
afd7e6d docs(README): Fix date format from 12h to 24h in schedule pattern
602aff8 chore(deps): Bump actions/checkout from 5 to 6
aecb1a4 chore(deps): Bump js-yaml from 3.14.1 to 3.14.2
8d8c7c1 Merge pull request #559 from docker/dependabot/npm_and_yarn/docker/actions-to...
Additional commits viewable in compare view

Updates docker/build-push-action from 6.6.0 to 6.19.2

Release notes

Sourced from docker/build-push-action's releases.

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

Bump @docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Bump @docker/actions-toolkit from 0.59.0 to 0.61.0 by @crazy-max in docker/build-push-action#1364

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Handle no default attestations env var by @crazy-max in docker/build-push-action#1343

Only print secret keys in build summary output by @crazy-max in docker/build-push-action#1353

Bump @docker/actions-toolkit from 0.56.0 to 0.59.0 in docker/build-push-action#1352

Full Changelog: docker/build-push-action@v6.15.0...v6.16.0

v6.15.0

Bump @docker/actions-toolkit from 0.55.0 to 0.56.0 in docker/build-push-action#1330

Full Changelog: docker/build-push-action@v6.14.0...v6.15.0

v6.14.0

... (truncated)

Commits

10e90e3 Merge pull request #1458 from crazy-max/git-auth-port
5262538 chore: update generated content
cd130e4 preserve port in GIT_AUTH_TOKEN host
806c751 Merge pull request #1452 from crazy-max/update-yarn
601a80b Merge pull request #1456 from crazy-max/auth-token-dyn-host
8f7fd7c chore: update generated content
710e335 derive GIT_AUTH_TOKEN host from GitHub server URL
c4ca848 update yarn to 4.9.2
ee4ca42 Merge pull request #1398 from docker/dependabot/npm_and_yarn/tmp-0.2.4
f1b3bb5 chore: update generated content
Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.0.8 to 2.5.0

Release notes

Sourced from softprops/action-gh-release's releases.

v2.5.0

What's Changed

Exciting New Features 🎉

feat: mark release as draft until all artifacts are uploaded by @dumbmoron in softprops/action-gh-release#692

Other Changes 🔄

chore(deps): bump the npm group across 1 directory with 5 updates by @dependabot[bot] in softprops/action-gh-release#697

chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 in the github-actions group by @dependabot[bot] in softprops/action-gh-release#689

New Contributors

@dumbmoron made their first contribution in softprops/action-gh-release#692

Full Changelog: softprops/action-gh-release@v2.4.2...v2.5.0

v2.4.2

What's Changed

Exciting New Features 🎉

feat: Ensure generated release notes cannot be over 125000 characters by @BeryJu in softprops/action-gh-release#684

Other Changes 🔄

dependency updates

New Contributors

@BeryJu made their first contribution in softprops/action-gh-release#684

Full Changelog: softprops/action-gh-release@v2.4.1...v2.4.2

v2.4.1

What's Changed

Other Changes 🔄

fix(util): support brace expansion globs containing commas in parseInputFiles by @Copilot in softprops/action-gh-release#672

fix: gracefully fallback to body when body_path cannot be read by @Copilot in softprops/action-gh-release#671

Full Changelog: softprops/action-gh-release@v2...v2.4.1

v2.4.0

What's Changed

Exciting New Features 🎉

feat(action): respect working_directory for files globs by @stephenway in softprops/action-gh-release#667

Other Changes 🔄

chore(deps): bump the npm group with 2 updates by @dependabot[bot] in softprops/action-gh-release#668

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

2.5.0

What's Changed

Exciting New Features 🎉

feat: mark release as draft until all artifacts are uploaded by @dumbmoron in softprops/action-gh-release#692

Other Changes 🔄

dependency updates

2.4.2

What's Changed

Exciting New Features 🎉

feat: Ensure generated release notes cannot be over 125000 characters by @BeryJu in softprops/action-gh-release#684

Other Changes 🔄

dependency updates

2.4.1

What's Changed

Other Changes 🔄

fix(util): support brace expansion globs containing commas in parseInputFiles by @Copilot in softprops/action-gh-release#672

fix: gracefully fallback to body when body_path cannot be read by @Copilot in softprops/action-gh-release#671

2.4.0

What's Changed

Exciting New Features 🎉

feat(action): respect working_directory for files globs by @stephenway in softprops/action-gh-release#667

2.3.4

What's Changed

Bug fixes 🐛

fix(action): handle 422 already_exists race condition by @stephenway in softprops/action-gh-release#665

Other Changes 🔄

... (truncated)

Commits

a06a81a release 2.5.0
7da8983 feat: mark release as draft until all artifacts are uploaded (#692)
8797328 chore(deps): bump actions/checkout in the github-actions group (#689)
1bfc62a chore(deps): bump the npm group across 1 directory with 5 updates (#697)
5be0e66 release 2.4.2
af658b4 feat: Ensure generated release notes cannot be over 125000 characters (#684)
237aacc chore: bump node to 24.11.0
00362be chore(deps): bump the npm group with 5 updates (#687)
0adea5a chore(deps): bump the npm group with 3 updates (#686)
aa05f9d chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 in the github-action...
Additional commits viewable in compare view

Updates slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml from 2.0.0 to 2.1.0

Release notes

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's releases.

v2.1.0

What's Changed

chore: v2.0.0: update tags to v2.0.0 by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3584

fix: use @sigstore/cli in e2e.sign-attestations.schedule.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3572

docs: fix broken links by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3605

chore(setup-go): update actions/setup-go to resolve the warning by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3604

fix: Update release docs by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3589

docs: Add Atsign-Foundation NoPorts to the Hall of Fame by @cpswan in slsa-framework/slsa-github-generator#3616

docs: Add v2.0.0 to SECURITY.md by @ianlewis in slsa-framework/slsa-github-generator#3630

docs: Add links to CHANGELOG by @ianlewis in slsa-framework/slsa-github-generator#3631

ci: fix PR title checker by @ianlewis in slsa-framework/slsa-github-generator#3632

ci: Add issue reopener by @ianlewis in slsa-framework/slsa-github-generator#3629

fix: update softprops/action-gh-release to v2.0.5 by @suzuki-shunsuke in slsa-framework/slsa-github-generator#3619

chore(renovate): use cron syntax for schedule by @rarkins in slsa-framework/slsa-github-generator#3638

chore: Fix Renovate config by @ianlewis in slsa-framework/slsa-github-generator#3635

feat: workflow to update actions dist by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3653

fix(deps): update dependency @sigstore/rekor-types to v2 by @renovate-bot in slsa-framework/slsa-github-generator#3650

chore(deps): update github-actions (major) by @renovate-bot in slsa-framework/slsa-github-generator#3648

fix(deps): update dependency org.json:json to v20231013 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3641

fix(deps): update module github.com/sigstore/cosign/v2 to v2.2.4 [security] by @renovate-bot in slsa-framework/slsa-github-generator#3640

chore(deps): update dependency pathspec to v0.12.1 by @renovate-bot in slsa-framework/slsa-github-generator#3644

fix(deps): update dependency @actions/github to v6 by @renovate-bot in slsa-framework/slsa-github-generator#3649

fix(deps): update module golang.org/x/oauth2 to v0.20.0 by @renovate-bot in slsa-framework/slsa-github-generator#3646

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-github-generator#3647

chore: formatting by @ianlewis in slsa-framework/slsa-github-generator#3655

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3642

docs: Add openfga as another user of slsa-github-generator via Github Actions by @aaguiarz in slsa-framework/slsa-github-generator#2950

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.6 by @renovate-bot in slsa-framework/slsa-github-generator#3645

chore: allow Renovate to create new config warning issues by @HonkingGoose in slsa-framework/slsa-github-generator#3662

chore: Fix markdown issues by @ianlewis in slsa-framework/slsa-github-generator#3658

chore(deps): update npm dev by @renovate-bot in slsa-framework/slsa-github-generator#3643

feat: Record vars in SLSA generators by @ianlewis in slsa-framework/slsa-github-generator#3633

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3679

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.7 by @renovate-bot in slsa-framework/slsa-github-generator#3680

docs: Remove expected GA for Node.js builder by @ianlewis in slsa-framework/slsa-github-generator#3659

ci: Add formatting pre-submit check by @ianlewis in slsa-framework/slsa-github-generator#3654

fix(deps): update dependency org.apache.maven:maven-plugin-api to v3.9.8 by @renovate-bot in slsa-framework/slsa-github-generator#3712

chore(deps): bump the npm_and_yarn group across 10 directories with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3714

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3711

chore(deps): bump the go_modules group with 2 updates by @dependabot in slsa-framework/slsa-github-generator#3715

chore: slsa-verifier v2.6.0: Update action.yml by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3736

fix: Update maven helper plugin build by @loosebazooka in slsa-framework/slsa-github-generator#3746

fix: maven e2e: remove verify job by @ramonpetgrave64 in slsa-framework/slsa-github-generator#3748

chore(deps): update github-actions by @renovate-bot in slsa-framework/slsa-github-generator#3753

chore(deps): bump github.com/docker/docker from 24.0.9+incompatible to 25.0.6+incompatible in the go_modules group by @dependabot in slsa-framework/slsa-github-generator#3760

chore(config): migrate renovate config by @renovate-bot in slsa-framework/slsa-github-generator#3774

chore(deps): update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.10.1 by @renovate-bot in slsa-framework/slsa-github-generator#3758

chore(deps): update dependency org.apache.maven.plugins:maven-deploy-plugin to v3.1.3 by @renovate-bot in slsa-framework/slsa-github-generator#3820

chore(deps): update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.5 by @renovate-bot in slsa-framework/slsa-github-generator#3757

fix(deps): update npm by @renovate-bot in slsa-framework/slsa-github-generator#3754

... (truncated)

Changelog

Sourced from slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml's changelog.

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

The workflows generator_generic_slsa3.yml and builder_go_slsa3.yml have been updated to produce signed Sigstore Bundles, just like all the other builders that use the BYOB framework.

The workflow logs will now print a LogIndex, rather than a LogUUID. Both are equally searchanble on https://search.sigstore.dev/.

v2.1.0: Vars context recorded in provenance

Updated: GitHub vars context is now recorded in provenance for the generic and container generators. The vars context cannot affect the build in the Go builder so it is not recorded.

Commits

f7dd8c5 update the ref in the pre-submit
0a5124b fix jq for the sigstore bundles
fbeecf0 update docs
f701310 update workflows
3618598 v2.1.0-rc.3
46f81fc chore: update refs to v2.1.0-rc.1 (#4120)
5d20c93 chore: use builder tag v2.1.0-rc.0 (#4118)
e27b237 chore: braces and ejs vulns (#4116)
8967e1c chore: Update CODEOWNERS (#4115)
47d1954 chore: update octokit deps (#4114)
Additional commits viewable in compare view

Updates orhun/git-cliff-action from 4.5.0 to 4.7.0

Release notes

Sourced from orhun/git-cliff-action's releases.

v4.7.0

[4.7.0] - 2025-12-14

🐛 Bug Fixes

run

Update stat cmd for cross-platform compatibility (#66)

Fix stat command when fetch array (#67)

⚙️ Miscellaneous Tasks

version

Update git-cliff to 2.11.0

New Contributors

@MGSousa made their first contribution in orhun/git-cliff-action#66

Full Changelog: orhun/git-cliff-action@v4...v4.7.0

v4.6.0

[4.6.0] - 2025-09-21

🚀 Features

run

Toggle trace logs with environment variable (#59)

🐛 Bug Fixes

run

Exit with correct exit code (#58)

Pass gh token (#61)

⚙️ Miscellaneous Tasks

version

Update git-cliff to 2.10.1

v4.5.1

[4.5.1] - 2025-07-28

🐛 Bug Fixes

run

Properly pass arguments as an array (#56)

Commits

e16f179 chore(version): update git-cliff to 2.11.0
ef60b86 chore(deps): bump actions/checkout from 4 to 6 (#68)
78796b2 fix(run): Fix stat command when fetch array (#67)
a39e27f fix(run): update stat cmd for cross-platform compatibility (#66)
d77b37d chore(version): update git-cliff to 2.10.1
82629b3 fix(run): pass gh token (

Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.67.25` | `2.67.30` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.1.0` | `2.5.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.5.1` | `5.10.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.6.0` | `6.19.2` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.0.8` | `2.5.0` | | [slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml](https://github.com/slsa-framework/slsa-github-generator) | `2.0.0` | `2.1.0` | | [orhun/git-cliff-action](https://github.com/orhun/git-cliff-action) | `4.5.0` | `4.7.0` | | [crate-ci/typos](https://github.com/crate-ci/typos) | `1.43.3` | `1.43.5` | Updates `taiki-e/install-action` from 2.67.25 to 2.67.30 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](taiki-e/install-action@v2.67.25...288875d) Updates `dependabot/fetch-metadata` from 2.1.0 to 2.5.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@5e5f996...21025c7) Updates `docker/metadata-action` from 5.5.1 to 5.10.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5.5.1...c299e40) Updates `docker/build-push-action` from 6.6.0 to 6.19.2 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.6.0...10e90e3) Updates `softprops/action-gh-release` from 2.0.8 to 2.5.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2.0.8...a06a81a) Updates `slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml` from 2.0.0 to 2.1.0 - [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases) - [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md) - [Commits](slsa-framework/slsa-github-generator@v2.0.0...v2.1.0) Updates `orhun/git-cliff-action` from 4.5.0 to 4.7.0 - [Release notes](https://github.com/orhun/git-cliff-action/releases) - [Commits](orhun/git-cliff-action@e615672...e16f179) Updates `crate-ci/typos` from 1.43.3 to 1.43.5 - [Release notes](https://github.com/crate-ci/typos/releases) - [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md) - [Commits](crate-ci/typos@9066e99...57b11c6) --- updated-dependencies: - dependency-name: taiki-e/install-action dependency-version: 2.67.30 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: dependabot/fetch-metadata dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 5.10.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 6.19.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: softprops/action-gh-release dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml dependency-version: 2.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: orhun/git-cliff-action dependency-version: 4.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: crate-ci/typos dependency-version: 1.43.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-16T16:29:57Z

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-02-16T16:48:24Z

Benchmark Results

No benchmarks configured. Add benchmarks to benches/ directory.

Full results available in CI artifacts.

dependabot bot requested a review from zircote as a code owner February 16, 2026 16:29

github-actions bot merged commit 6d7ce4e into main Feb 16, 2026
7 of 8 checks passed

dependabot bot deleted the dependabot/github_actions/github-actions-4e77a9bb3e branch February 16, 2026 16:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions group with 8 updates#17

chore(deps): bump the github-actions group with 8 updates#17
github-actions[bot] merged 1 commit intomainfrom
dependabot/github_actions/github-actions-4e77a9bb3e

dependabot bot commented on behalf of github Feb 16, 2026

Uh oh!

dependabot bot commented on behalf of github Feb 16, 2026

Uh oh!

Uh oh!

github-actions bot commented Feb 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 16, 2026

2.67.30

2.67.29

2.67.28

2.67.27

2.67.26

Changelog

[Unreleased]

[2.67.30] - 2026-02-13

[2.67.29] - 2026-02-13

[2.67.28] - 2026-02-11

[2.67.27] - 2026-02-09

v2.5.0

What's Changed

v2.4.0

What's Changed

v2.3.0

What's Changed

v5.10.0

v5.9.0

v5.8.0

v5.7.0

v5.6.1

v5.6.0

v6.19.2

v6.19.1

v6.19.0

v6.18.0

v6.17.0

v6.16.0

v6.15.0

v6.14.0

v2.5.0

What's Changed

Exciting New Features 🎉

Other Changes 🔄

New Contributors

v2.4.2

What's Changed

Exciting New Features 🎉

Other Changes 🔄

New Contributors

v2.4.1

What's Changed

Other Changes 🔄

v2.4.0

What's Changed

Exciting New Features 🎉

Other Changes 🔄

2.5.0

What's Changed

Exciting New Features 🎉

Other Changes 🔄

2.4.2

What's Changed

Exciting New Features 🎉

Other Changes 🔄

2.4.1

What's Changed

Other Changes 🔄

2.4.0

What's Changed

Exciting New Features 🎉

2.3.4

What's Changed

Bug fixes 🐛

Other Changes 🔄

v2.1.0

What's Changed

v2.1.0

v2.1.0: Sigstore Bundles for Generic Generator and Go Builder

v2.1.0: Vars context recorded in provenance

v4.7.0

[4.7.0] - 2025-12-14

🐛 Bug Fixes

run

⚙️ Miscellaneous Tasks

version

New Contributors