Skip to content

chore(deps): bump the actions group across 1 directory with 3 updates#109

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-e41aaa6a79
Open

chore(deps): bump the actions group across 1 directory with 3 updates#109
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-e41aaa6a79

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown

Bumps the actions group with 3 updates in the / directory: actions/checkout, googleapis/release-please-action and softprops/action-gh-release.

Updates actions/checkout from 6.0.3 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates googleapis/release-please-action from 4.4.1 to 5.0.0

Release notes

Sourced from googleapis/release-please-action's releases.

v5.0.0

5.0.0 (2026-04-22)

⚠ BREAKING CHANGES

  • upgrade to node24 (#1188)

Features

Bug Fixes

  • bump release-please from 17.3.0 to 17.6.0 (#1199) (f533c26)
Changelog

Sourced from googleapis/release-please-action's changelog.

Changelog

5.0.0 (2026-04-22)

⚠ BREAKING CHANGES

  • upgrade to node24 (#1188)

Features

Bug Fixes

  • bump release-please from 17.3.0 to 17.6.0 (#1199) (f533c26)

4.4.1 (2026-02-20)

Bug Fixes

  • bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)

4.2.0 (2025-03-07)

Features

... (truncated)

Commits

Updates softprops/action-gh-release from 3.0.0 to 3.0.2

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.2

3.0.2 is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since 3.0.1.

This release fixes #795, #438, and #803. The upload transport hardening covers the historical failure reported in #790, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to #786 and does not claim a reproducible release-creation fix.

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

v3.0.1

3.0.1

  • maintenance release with updated dependencies
Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.2

3.0.2 is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since 3.0.1.

This release fixes #795, #438, and #803. The upload transport hardening covers the historical failure reported in #790, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to #786 and does not claim a reproducible release-creation fix.

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

3.0.1

  • maintenance release with updated dependencies

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. v2.6.2 was the final Node 20-compatible release and is no longer maintained or supported.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; freeze v2 at the final v2.6.2 release

... (truncated)

Commits
  • 3d0d988 release 3.0.2 (#818)
  • 7e13ed4 fix: clarify release creation 404 errors (#817)
  • e6c70a5 fix: replace existing release assets on Gitea (#816)
  • f345337 fix: publish existing draft releases as prereleases (#801)
  • d8a89a2 fix: upload small checksum assets reliably (#815)
  • 45ece40 chore(deps): remove unused TypeScript tooling (#814)
  • f6b913c feat: improve release error reporting and test coverage (#813)
  • 15f193d chore(deps): upgrade TypeScript to 7 (#812)
  • cc8268d chore(deps): bump actions/checkout in the github-actions group (#810)
  • fd0ed1e chore(deps): bump the npm group with 3 updates (#811)
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jun 24, 2026

Copy link
Copy Markdown
Author

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates pinned GitHub Action dependencies in the repository’s workflows, keeping CI and release automation aligned with the latest upstream security and runtime changes.

Changes:

  • Bump actions/checkout from v6 to v7.0.0 (pinned by commit SHA) across CI and release workflows.
  • Bump googleapis/release-please-action from v4 to v5.0.0 (pinned by commit SHA).
  • Bump softprops/action-gh-release from v3.0.0 to v3.0.1 (pinned by commit SHA).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
.github/workflows/release.yml Updates pinned actions/checkout and action-gh-release SHAs used during release builds/uploads.
.github/workflows/release-please.yml Updates pinned release-please-action SHA used to open/maintain Release PRs and create tags/releases.
.github/workflows/ci.yml Updates pinned actions/checkout SHA used by CI jobs.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/release.yml Outdated
# — without it action-gh-release uses github.ref which is "main"-ish
# for manual dispatches and fails to find a matching release.
- uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
- uses: softprops/action-gh-release@718ea10b132b3b2eba29c1007bb80653f286566b # v3
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-e41aaa6a79 branch 2 times, most recently from 7e891d1 to a532d1d Compare July 8, 2026 03:13
Bumps the actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [googleapis/release-please-action](https://github.com/googleapis/release-please-action) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

Updates `googleapis/release-please-action` from 4.4.1 to 5.0.0
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@5c625bf...45996ed)

Updates `softprops/action-gh-release` from 3.0.0 to 3.0.2
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@b430933...3d0d988)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: googleapis/release-please-action
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-e41aaa6a79 branch from a532d1d to c76ce05 Compare July 15, 2026 03:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant