Skip to content

ci: bump the github-actions group across 1 directory with 11 updates#24482

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-c0cb25ee13
Closed

ci: bump the github-actions group across 1 directory with 11 updates#24482
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-c0cb25ee13

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps the github-actions group with 11 updates in the / directory:

Package From To
step-security/harden-runner 2.16.1 2.17.0
crate-ci/typos 1.44.0 1.45.0
actions/upload-artifact 7.0.0 7.0.1
chromaui/action 16.0.0 16.2.0
docker/login-action 4.0.0 4.1.0
actions/github-script 7.0.1 9.0.0
aws-actions/configure-aws-credentials 6.0.0 6.1.0
fluxcd/flux2 2.8.3 2.8.5
superfly/flyctl-actions 1.5 1.6
linear/linear-release-action 0.6.0 0.7.0
actions/setup-go 5.6.0 6.4.0

Updates step-security/harden-runner from 2.16.1 to 2.17.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.17.0

What's Changed

Policy Store Support

Added use-policy-store and api-key inputs to fetch security policies directly from the StepSecurity Policy Store. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing policy input which requires id-token: write permission. If no policy is found in the store, the action defaults to audit mode.

Full Changelog: step-security/harden-runner@v2.16.1...v2.17.0

Commits

Updates crate-ci/typos from 1.44.0 to 1.45.0

Release notes

Sourced from crate-ci/typos's releases.

v1.45.0

[1.45.0] - 2026-04-01

Features

  • Updated the dictionary with the March 2026 changes
Changelog

Sourced from crate-ci/typos's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased] - ReleaseDate

[1.45.1] - 2026-04-13

Fixes

  • (action) Use a temp dir for caching

[1.45.0] - 2026-04-01

Features

  • Updated the dictionary with the March 2026 changes

[1.44.0] - 2026-02-27

Features

[1.43.5] - 2026-02-16

Fixes

  • (pypi) Hopefully fix the sdist build

[1.43.4] - 2026-02-09

Fixes

  • Don't correct pincher

[1.43.3] - 2026-02-06

Fixes

  • (action) Adjust how typos are reported to github

[1.43.2] - 2026-02-05

Fixes

  • Don't correct certifi in Python

... (truncated)

Commits

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates chromaui/action from 16.0.0 to 16.2.0

Changelog

Sourced from chromaui/action's changelog.

v16.3.0 (Tue Apr 14 2026)

🚀 Enhancement

Authors: 2

v16.2.0 (Thu Apr 09 2026)

🚀 Enhancement

🐛 Bug Fix

Authors: 2

v16.1.0 (Thu Apr 02 2026)

🚀 Enhancement

🐛 Bug Fix

Authors: 2

... (truncated)

Commits

Updates docker/login-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits
  • 4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 1e233e6 chore: update generated content
  • 6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
  • ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
  • d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
  • a6f092b chore: update generated content
  • 60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
  • 62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 102c0e6 chore: update generated content
  • Additional commits viewable in compare view

Updates actions/github-script from 7.0.1 to 9.0.0

Release notes

Sourced from actions/github-script's releases.

v9.0.0

New features:

  • getOctokit factory function — Available directly in the script context. Create additional authenticated Octokit clients with different tokens for multi-token workflows, GitHub App tokens, and cross-org access. See Creating additional clients with getOctokit for details and examples.
  • Orchestration ID in user-agent — The ACTIONS_ORCHESTRATION_ID environment variable is automatically appended to the user-agent string for request tracing.

Breaking changes:

  • require('@actions/github') no longer works in scripts. The upgrade to @actions/github v9 (ESM-only) means require('@actions/github') will fail at runtime. If you previously used patterns like const { getOctokit } = require('@actions/github') to create secondary clients, use the new injected getOctokit function instead — it's available directly in the script context with no imports needed.
  • getOctokit is now an injected function parameter. Scripts that declare const getOctokit = ... or let getOctokit = ... will get a SyntaxError because JavaScript does not allow const/let redeclaration of function parameters. Use the injected getOctokit directly, or use var getOctokit = ... if you need to redeclare it.
  • If your script accesses other @actions/github internals beyond the standard github/octokit client, you may need to update those references for v9 compatibility.

What's Changed

New Contributors

Full Changelog: actions/github-script@v8.0.0...v9.0.0

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

... (truncated)

Commits
  • 3a2844b Merge pull request #700 from actions/salmanmkc/expose-getoctokit + prepare re...
  • ca10bbd fix: use @​octokit/core/types import for v7 compatibility
  • 86e48e2 merge: incorporate main branch changes
  • c108472 chore: rebuild dist for v9 upgrade and getOctokit factory
  • afff112 Merge pull request #712 from actions/salmanmkc/deployment-false + fix user-ag...
  • ff8117e ci: fix user-agent test to handle orchestration ID
  • 81c6b78 ci: use deployment: false to suppress deployment noise from integration tests
  • 3953caf docs: update README examples from @​v8 to @​v9, add getOctokit docs and v9 brea...
  • c17d55b ci: add getOctokit integration test job
  • a047196 test: add getOctokit integration tests via callAsyncFunction
  • Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.1.0

6.1.0 (2026-04-06)

Features

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.1.0 (2026-04-06)

Features

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

Features

Bug Fixes

  • properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

5.1.1 (2025-11-24)

Miscellaneous Chores

5.1.0 (2025-10-06)

Features

Bug Fixes

5.0.0 (2025-09-03)

... (truncated)

Commits

Updates fluxcd/flux2 from 2.8.3 to 2.8.5

Release notes

Sourced from fluxcd/flux2's releases.

v2.8.5

Highlights

Flux v2.8.5 is a patch release that includes bug fixes and improvements across kustomize-controller, source-controller, and notification-controller. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix a race condition where a cancelled reconciliation could leave stale data in the cache, causing Kustomizations to get stuck (kustomize-controller)
  • Fix Azure Blob prefix option not being passed to the storage client (source-controller)

Improvements:

  • Improve error message for encrypted SSH keys without password (source-controller)
  • Add optional email and audience fields to the GCR Receiver for tighter verification (notification-controller)
  • Add provider manifest example for Azure Event Hub managed identity authentication (notification-controller)

Components changelog

CLI changelog

Full Changelog: fluxcd/flux2@v2.8.4...v2.8.5

v2.8.4

Highlights

Flux v2.8.4 is a patch release that includes fixes for the Flux CLI. Users are encouraged to upgrade for the best experience.

ℹ️ Please follow the Upgrade Procedure for Flux v2.7+ for a smooth upgrade from Flux v2.6 to the latest version.

Fixes:

  • Fix flux build ks and flux diff ks on Windows
  • Fix --source flag validation in create kustomization command

CLI changelog

Full Changelog: fluxcd/flux2@v2.8.3...v2.8.4

Commits
  • 5adad89 Merge pull request #5822 from fluxcd/update-components-release/v2.8.x
  • 29cc0b3 Update toolkit components
  • 3cf3cb5 Merge pull request #5799 from fluxcd/backport-5798-to-release/v2.8.x
  • 1569932 fix: validate --source flag in create kustomization command
  • 836f87e Merge pull request #5796 from fluxcd/update-pkg-deps/release/v2.8.x
  • 19545a8 Update fluxcd/pkg dependencies
  • See full diff in compare view

Updates superfly/flyctl-actions from 1.5 to 1.6

Commits
  • ed8efb3 Merge pull request #108 from p-j/chore/upgrade-node-runtime
  • 9402a95 rebuild dist from clean install
  • d2051fe chore(setup): upgrade @​actions dependencies to node 24 compatible versions
  • 1c0f13f chore(setup): update dependencies and configuration for biome and TypeScript
  • 0aa1611 chore(setup): update nodejs runtime
  • 63da3ec Merge pull request #65 from superfly/dependabot/npm_and_yarn/setup-flyctl/typ...
  • de6d3cb Bump @​types/node from 20.14.12 to 22.1.0 in /setup-flyctl
  • 8664a33 Merge pull request #63 from smorimoto/revamp
  • 23f9fae Revamp
  • 21d9a11 Merge pull request #64 from smorimoto/more-support
  • Additional commits viewable in compare view

Updates linear/linear-release-action from 0.6.0 to 0.7.0

Release notes

Sourced from linear/linear-release-action's releases.

v0.7.0

What's Changed

Full Changelog: linear/linear-release-action@v0.6.0...v0.7.0

Commits

Updates actions/setup-go from 5.6.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Full Changelog: actions/setup-go@v6...v6.3.0

v6.2.0

What's Changed

Enhancements

Dependency updates

New Contributors

Full Changelog: actions/setup-go@v6...v6.2.0

v6.1.0

What's Changed

Enhancements

... (truncated)

Commits

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
crate-ci/typos [>= 1.30.a, < 1.31]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci: bump the github-actions group across 1 directory with 11 updates
d94284b 
Bumps the github-actions group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | `2.17.0` |
| [crate-ci/typos](https://github.com/crate-ci/typos) | `1.44.0` | `1.45.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [chromaui/action](https://github.com/chromaui/action) | `16.0.0` | `16.2.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.0.0` | `4.1.0` |
| [actions/github-script](https://github.com/actions/github-script) | `7.0.1` | `9.0.0` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.0.0` | `6.1.0` |
| [fluxcd/flux2](https://github.com/fluxcd/flux2) | `2.8.3` | `2.8.5` |
| [superfly/flyctl-actions](https://github.com/superfly/flyctl-actions) | `1.5` | `1.6` |
| [linear/linear-release-action](https://github.com/linear/linear-release-action) | `0.6.0` | `0.7.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` |



Updates `step-security/harden-runner` from 2.16.1 to 2.17.0
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@fe10465...f808768)

Updates `crate-ci/typos` from 1.44.0 to 1.45.0
- [Release notes](https://github.com/crate-ci/typos/releases)
- [Changelog](https://github.com/crate-ci/typos/blob/master/CHANGELOG.md)
- [Commits](crate-ci/typos@631208b...02ea592)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `chromaui/action` from 16.0.0 to 16.2.0
- [Release notes](https://github.com/chromaui/action/releases)
- [Changelog](https://github.com/chromaui/action/blob/main/CHANGELOG.md)
- [Commits](chromaui/action@f191a02...688adae)

Updates `docker/login-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@b45d80f...4907a6d)

Updates `actions/github-script` from 7.0.1 to 9.0.0
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7.0.1...3a2844b)

Updates `aws-actions/configure-aws-credentials` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@8df5847...ec61189)

Updates `fluxcd/flux2` from 2.8.3 to 2.8.5
- [Release notes](https://github.com/fluxcd/flux2/releases)
- [Commits](fluxcd/flux2@871be9b...5adad89)

Updates `superfly/flyctl-actions` from 1.5 to 1.6
- [Release notes](https://github.com/superfly/flyctl-actions/releases)
- [Commits](superfly/flyctl-actions@fc53c09...ed8efb3)

Updates `linear/linear-release-action` from 0.6.0 to 0.7.0
- [Release notes](https://github.com/linear/linear-release-action/releases)
- [Commits](linear/linear-release-action@755d50b...0353b5f)

Updates `actions/setup-go` from 5.6.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@40f1582...4a36011)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: crate-ci/typos
  dependency-version: 1.45.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: chromaui/action
  dependency-version: 16.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: 9.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: fluxcd/flux2
  dependency-version: 2.8.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: superfly/flyctl-actions
  dependency-version: '1.6'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: linear/linear-release-action
  dependency-version: 0.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/setup-go
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 17, 2026
@dependabot dependabot Bot requested a review from jdomeracki-coder as a code owner April 17, 2026 13:52
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 17, 2026
@github-actions github-actions Bot enabled auto-merge (squash) April 17, 2026 13:52
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 21, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 21, 2026
auto-merge was automatically disabled April 21, 2026 11:14

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-c0cb25ee13 branch April 21, 2026 11:14
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 21, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@jdomeracki-coder jdomeracki-coder Awaiting requested review from jdomeracki-coder jdomeracki-coder is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants