Skip to content

chore(deps): update github-actions #4336

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update github-actions #4336

wants to merge 1 commit into from

Conversation

renovate-bot
Copy link
Contributor

@renovate-bot renovate-bot commented Jul 1, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
actions/checkout action digest 09d2aca -> ff7abcd
actions/checkout action minor v4.2.2 -> v4.3.0
github/codeql-action action minor v3.29.0 -> v3.30.6
google-github-actions/auth action patch v2.1.10 -> v2.1.13
ossf/scorecard-action action patch v2.4.2 -> v2.4.3
sigstore/cosign-installer action minor v3.9.1 -> v3.10.0
softprops/action-gh-release action patch v2.3.2 -> v2.3.4

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

actions/checkout (actions/checkout)

v4.3.0

Compare Source

What's Changed
New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

github/codeql-action (github/codeql-action)

v3.30.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.6 - 02 Oct 2025

  • Update default CodeQL bundle version to 2.23.2. #​3168

See the full CHANGELOG.md for more information.

v3.30.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025
  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #​3160

See the full CHANGELOG.md for more information.

v3.30.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025
  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #​3099 and #​3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #​3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #​3130
  • Update default CodeQL bundle version to 2.23.1. #​3118

See the full CHANGELOG.md for more information.

v3.30.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025
  • Fixed a bug which could cause language autodetection to fail. #​3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #​3064

See the full CHANGELOG.md for more information.

v3.30.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #​3077

See the full CHANGELOG.md for more information.

v3.30.0

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #​3054

See the full CHANGELOG.md for more information.

v3.29.11

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #​3044

See the full CHANGELOG.md for more information.

v3.29.10

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.10 - 18 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.9

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.9 - 12 Aug 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.8

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.8 - 08 Aug 2025

  • Fix an issue where the Action would autodetect unsupported languages such as HTML. #​3015

See the full CHANGELOG.md for more information.

v3.29.7

Compare Source

This is a re-release of v3.29.5 to mitigate an issue that was discovered with v3.29.6.

v3.29.6

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.6 - 07 Aug 2025

  • The cleanup-level input to the analyze Action is now deprecated. The CodeQL Action has written a limited amount of intermediate results to the database since version 2.2.5, and now automatically manages cleanup. #​2999
  • Update default CodeQL bundle version to 2.22.3. #​3000

See the full CHANGELOG.md for more information.

v3.29.5

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.5 - 29 Jul 2025

  • Update default CodeQL bundle version to 2.22.2. #​2986

See the full CHANGELOG.md for more information.

v3.29.4

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.4 - 23 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.3

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.3 - 21 Jul 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.29.2

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.2 - 30 Jun 2025

  • Experimental: When the quality-queries input for the init action is provided with an argument, separate .quality.sarif files are produced and uploaded for each language with the results of the specified queries. Do not use this in production as it is part of an internal experiment and subject to change at any time. #​2935

See the full CHANGELOG.md for more information.

v3.29.1

Compare Source

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.29.1 - 27 Jun 2025

  • Fix bug in PR analysis where user-provided include query filter fails to exclude non-included queries. #​2938
  • Update default CodeQL bundle version to 2.22.1. #​2950

See the full CHANGELOG.md for more information.

google-github-actions/auth (google-github-actions/auth)

v2.1.13

Compare Source

What's Changed

Full Changelog: google-github-actions/auth@v2.1.12...v2.1.13

v2.1.12

Compare Source

What's Changed

Full Changelog: google-github-actions/auth@v2.1.11...v2.1.12

v2.1.11

Compare Source

What's Changed

Full Changelog: google-github-actions/auth@v2.1.10...v2.1.11

ossf/scorecard-action (ossf/scorecard-action)

v2.4.3

Compare Source

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

Other

New Contributors

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

sigstore/cosign-installer (sigstore/cosign-installer)

v3.10.0

Compare Source

What's Changed

  • Bump default Cosign to v2.6.0 in #​200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0

v3.9.2

Compare Source

What's Changed
  • not fail fast and setup permissions in #​195
  • drop old unsupported versions <v2.0.0 in #​192
  • Update default to v2.5.3 in #​196

Full Changelog: sigstore/cosign-installer@v3.9.1...v3.9.2

softprops/action-gh-release (softprops/action-gh-release)

v2.3.4

Compare Source

What's Changed
Bug fixes 🐛
Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.3.4

v2.3.3

Compare Source

What's Changed

Exciting New Features 🎉
Other Changes 🔄
  • dependency updates

New Contributors

Full Changelog: softprops/action-gh-release@v2...v2.3.3

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, on day 1 of the month ( * 0-3 1 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate-bot renovate-bot requested review from a team as code owners July 1, 2025 03:07
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch from 2b7e6fc to 8e63268 Compare July 19, 2025 03:05
@renovate-bot renovate-bot changed the title chore(deps): update github/codeql-action action to v3.29.2 chore(deps): update github-actions Jul 19, 2025
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch 2 times, most recently from 42e50f1 to 3394ee9 Compare July 24, 2025 00:36
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch 2 times, most recently from f4e57e7 to 49ec2e5 Compare August 5, 2025 01:25
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch 5 times, most recently from 5c6ebf7 to 098cc46 Compare August 13, 2025 16:03
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch 2 times, most recently from 6d1694c to a19be78 Compare August 24, 2025 03:57
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch 3 times, most recently from d1b1c3a to feede46 Compare September 7, 2025 05:12
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch 3 times, most recently from 70a3f95 to 6366fa7 Compare September 14, 2025 03:01
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch 3 times, most recently from a65e48b to f6ea7d1 Compare October 1, 2025 02:21
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch from f6ea7d1 to d7a9ac8 Compare October 3, 2025 01:55
@renovate-bot renovate-bot force-pushed the renovate/github-actions branch from d7a9ac8 to e77e21d Compare October 4, 2025 01:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@renovate-bot