chore(deps): bump the github-actions-all group across 1 directory with 8 updates by dependabot[bot] · Pull Request #333 · chatwork/kibertas

dependabot · 2026-03-31T10:44:34Z

Bumps the github-actions-all group with 8 updates in the / directory:

Package	From	To
dependabot/fetch-metadata	`2.5.0`	`3.1.0`
docker/setup-qemu-action	`3.7.0`	`4.0.0`
docker/setup-buildx-action	`3.12.0`	`4.0.0`
actions/setup-go	`6.2.0`	`6.4.0`
docker/login-action	`3.7.0`	`4.1.0`
goreleaser/goreleaser-action	`6.4.0`	`7.2.1`
actions/upload-artifact	`6.0.0`	`7.0.1`
actions/dependency-review-action	`4.8.2`	`4.9.0`

Updates dependabot/fetch-metadata from 2.5.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

Add permissions to all workflows by @truggeri in dependabot/fetch-metadata#687

build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @dependabot[bot] in dependabot/fetch-metadata#690

build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @dependabot[bot] in dependabot/fetch-metadata#693

build(deps-dev): bump @hono/node-server from 1.19.10 to 1.19.13 by @dependabot[bot] in dependabot/fetch-metadata#694

build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @dependabot[bot] in dependabot/fetch-metadata#695

Dynamically update the tracking tag in action by @truggeri in dependabot/fetch-metadata#696

fix: handle duplicate dependency names in parseMetadataLinks by @devantler in dependabot/fetch-metadata#700

fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @devantler in dependabot/fetch-metadata#698

Updates to README for permissions clarification by @truggeri in dependabot/fetch-metadata#697

fix: resolve update-type null for Python, Composer, and Terraform PRs by @vitorsdcs in dependabot/fetch-metadata#704

build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @dependabot[bot] in dependabot/fetch-metadata#703

build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @dependabot[bot] in dependabot/fetch-metadata#701

build(deps): bump @actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @dependabot[bot] in dependabot/fetch-metadata#702

build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @dependabot[bot] in dependabot/fetch-metadata#705

v3.1.0 by @fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

@devantler made their first contribution in dependabot/fetch-metadata#700

@vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

feat: Parse versions from metadata links by @ppkarwasz in dependabot/fetch-metadata#632

Upgrade actions core and actions github packages by @truggeri in dependabot/fetch-metadata#649

docs: Add notes for using alert-lookup with App Token by @sue445 in dependabot/fetch-metadata#656

feat!: update Node.js version to v24 by @sturman in dependabot/fetch-metadata#671

Switch build tooling from ncc to esbuild by @truggeri in dependabot/fetch-metadata#676

Add --legal-comments=none to esbuild build commands by @jeffwidman in dependabot/fetch-metadata#679

Bump tsconfig target from es2022 to es2024 by @jeffwidman in dependabot/fetch-metadata#680

Remove vestigial outDir from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#681

Switch tsconfig module resolution to bundler by @jeffwidman in dependabot/fetch-metadata#682

Remove skipLibCheck from tsconfig.json by @jeffwidman in dependabot/fetch-metadata#683

Add typecheck step to CI by @jeffwidman in dependabot/fetch-metadata#685

Enable noImplicitAny in tsconfig.json by @jeffwidman in dependabot/fetch-metadata#684

Upgrade @actions/core to ^3.0.0 by @truggeri in dependabot/fetch-metadata#677

Upgrade @actions/github to ^9.0.0 and @octokit/request-error to ^7.1.0 by @truggeri in dependabot/fetch-metadata#678

Bump qs from 6.14.0 to 6.14.1 by @dependabot[bot] in dependabot/fetch-metadata#651

Bump hono from 4.11.1 to 4.11.4 by @dependabot[bot] in dependabot/fetch-metadata#652

Bump hono from 4.11.4 to 4.11.7 by @dependabot[bot] in dependabot/fetch-metadata#653

Bump hono from 4.11.7 to 4.12.0 by @dependabot[bot] in dependabot/fetch-metadata#657

Bump qs from 6.14.1 to 6.14.2 by @dependabot[bot] in dependabot/fetch-metadata#655

Bump @modelcontextprotocol/sdk from 1.25.1 to 1.26.0 by @dependabot[bot] in dependabot/fetch-metadata#654

Bump @hono/node-server from 1.19.9 to 1.19.10 by @dependabot[bot] in dependabot/fetch-metadata#665

Bump hono from 4.12.2 to 4.12.5 by @dependabot[bot] in dependabot/fetch-metadata#664

... (truncated)

Commits

25dd0e3 v3.1.0 (#692)
e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
5168191 Updating dist build
23882e1 build(deps): bump @actions/github in the dependencies group
1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.0.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.0.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates actions/setup-go from 6.2.0 to 6.4.0

Release notes

Sourced from actions/setup-go's releases.

v6.4.0

What's Changed

Enhancement

Add go-download-base-url input for custom Go distributions by @gdams in actions/setup-go#721

Dependency update

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-go#727

Documentation update

Rearrange README.md, add advanced-usage.md by @priyagupta108 in actions/setup-go#724

Fix Microsoft build of Go link by @gdams in actions/setup-go#734

New Contributors

@gdams made their first contribution in actions/setup-go#721

Full Changelog: actions/setup-go@v6...v6.4.0

v6.3.0

What's Changed

Update default Go module caching to use go.mod by @priyagupta108 in actions/setup-go#705

Fix golang download url to go.dev by @178inaba in actions/setup-go#469

Full Changelog: actions/setup-go@v6...v6.3.0

Commits

4a36011 docs: fix Microsoft build of Go link (#734)
8f19afc feat: add go-download-base-url input for custom Go distributions (#721)
27fdb26 Bump minimatch from 3.1.2 to 3.1.5 (#727)
def8c39 Rearrange README.md, add advanced-usage.md (#724)
4b73464 Fix golang download url to go.dev (#469)
a5f9b05 Update default Go module caching to use go.mod (#705)
See full diff in compare view

Updates docker/login-action from 3.7.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.4.0 to 7.2.1

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.2.1

This fully removes the usage of the old nightly moving tag.

Full Changelog: goreleaser/goreleaser-action@v7.2.0...v7.2.1

v7.2.0

What's Changed

test: cover install across release eras by @caarlos0 in goreleaser/goreleaser-action#555

feat: add version-file input by @caarlos0 in goreleaser/goreleaser-action#556

feat: resolve nightly to latest vX.Y.Z--nightly release by @caarlos0 in goreleaser/goreleaser-action#558

Full Changelog: goreleaser/goreleaser-action@v7...v7.2.0

v7.1.0

What's Changed

feat: verify release checksum and cosign signature by @caarlos0 in goreleaser/goreleaser-action#550

docs: document cosign verification in README by @caarlos0 in goreleaser/goreleaser-action#553

docs: Upgrade import GPG action version by @flecno in goreleaser/goreleaser-action#547

ci: drop docker-bake in favor of plain npm by @caarlos0 in goreleaser/goreleaser-action#551

ci: add release-major-tag workflow by @caarlos0 in goreleaser/goreleaser-action#552

ci: drop pre-cosign-v3 goreleaser versions from tests by @caarlos0 in goreleaser/goreleaser-action#554

ci(deps): bump the actions group with 2 updates by @dependabot[bot] in goreleaser/goreleaser-action#543

ci(deps): bump the actions group with 5 updates by @dependabot[bot] in goreleaser/goreleaser-action#546

chore(deps): bump undici from 6.23.0 to 6.24.1 by @dependabot[bot] in goreleaser/goreleaser-action#545

New Contributors

@flecno made their first contribution in goreleaser/goreleaser-action#547

Full Changelog: goreleaser/goreleaser-action@v7...v7.1.0

v7.0.0

What's Changed

feat!: node 24, update deps, rm yarn, ESM by @caarlos0 in goreleaser/goreleaser-action#533

sec: pin github action versions by @caarlos0 in goreleaser/goreleaser-action#514

docs: Upgrade checkout GitHub Action in README.md by @dunglas in goreleaser/goreleaser-action#507

chore(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in goreleaser/goreleaser-action#504

ci(deps): bump the actions group with 2 updates by @dependabot[bot] in goreleaser/goreleaser-action#517

ci(deps): bump the actions group with 2 updates by @dependabot[bot] in goreleaser/goreleaser-action#523

ci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the actions group by @dependabot[bot] in goreleaser/goreleaser-action#526

ci(deps): bump the actions group across 1 directory with 4 updates by @dependabot[bot] in goreleaser/goreleaser-action#532

ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @dependabot[bot] in goreleaser/goreleaser-action#534

chore(deps): bump the npm group across 1 directory with 4 updates by @dependabot[bot] in goreleaser/goreleaser-action#536

chore(deps): bump @actions/http-client from 3.0.2 to 4.0.0 in the npm group by @dependabot[bot] in goreleaser/goreleaser-action#537

ci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in the actions group by @dependabot[bot] in goreleaser/goreleaser-action#538

chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by @dependabot[bot] in goreleaser/goreleaser-action#539

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits

1a80836 ci(nightly): pass GITHUB_TOKEN to nightly integration job
a71152e refactor: drop legacy 'nightly' tag fallback
4c6ab56 feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)
4f96abf feat: add version-file input (#556)
15fa2a9 test: cover install across release eras (#555)
e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
be2e8a3 docs: document cosign verification in README (#553)
5e53f8e ci: add release-major-tag workflow (#552)
4068afa build: drop docker-bake in favor of plain npm (#551)
213ec80 docs: add CONTRIBUTING with pre-commit workflow
Additional commits viewable in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
See full diff in compare view

Updates actions/dependency-review-action from 4.8.2 to 4.9.0

Release notes

Sourced from actions/dependency-review-action's releases.

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @felickz!

Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @jantiebot!

There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @juxtin!

What's Changed

Compare normalized purls to account for encoding quirks by @juxtin in actions/dependency-review-action#1056

Make purl comparisons case insensitive by @juxtin in actions/dependency-review-action#1057

Feat: Add Patched Version to Vulnerabilities summary by @felickz in actions/dependency-review-action#1045

fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @jantiebot in actions/dependency-review-action#1060

Bump actions/stale from 10.1.0 to 10.2.0 by @dependabot[bot] in actions/dependency-review-action#1058

Bump actions/checkout from 4 to 6 by @dependabot[bot] in actions/dependency-review-action#1021

Updates for release 4.9.0 by @ahpook in actions/dependency-review-action#1064

New Contributors

@jantiebot made their first contribution in actions/dependency-review-action#1060

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

GitHub Actions can't push to our protected main by @dangoor in actions/dependency-review-action#1017

Bump actions/stale from 9.1.0 to 10.1.0 by @dependabot[bot] in actions/dependency-review-action#995

Bump github/codeql-action from 3 to 4 by @dependabot[bot] in actions/dependency-review-action#1003

Bump actions/setup-node from 4 to 6 by @dependabot[bot] in actions/dependency-review-action#1005

Upgrade glob to address a vulnerability by @brrygrdn in actions/dependency-review-action#1024

Bump js-yaml by @dependabot[bot] in actions/dependency-review-action#1020

Addressing vulnerabilities by @Ahmed3lmallah in actions/dependency-review-action#1036

Bump fast-xml-parser from 5.3.3 to 5.3.5 by @dependabot[bot] in actions/dependency-review-action#1050

Bump fast-xml-parser from 5.3.5 to 5.3.6 by @dependabot[bot] in actions/dependency-review-action#1053

Properly truncate long summaries and catch errors by @juxtin in actions/dependency-review-action#1052

Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @dependabot[bot] in actions/dependency-review-action#931

Changes for Release 4.8.3 by @ahpook in actions/dependency-review-action#1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

Commits

2031cfc Merge pull request #1064 from actions/ahpook/release-4.9.0
d02fa39 Updates for release 4.9.0
4038a34 Merge pull request #1021 from actions/dependabot/github_actions/actions/check...
a632b83 Merge pull request #1058 from actions/dependabot/github_actions/actions/stale...
57a3d46 Merge pull request #1060 from jantiebot/main
5ecdc4b Merge pull request #1045 from forks-felickz/main
e8c2f9a fix: remove inferrable type annotation to pass eslint
0e129e1 Prettier - Refactor summary table rendering for improved readability
aa60746 Add 'show-patched-versions' option to configuration and update summary handling
e404798 Merge upstream actions/dependency-review-action main
Additional commits viewable in compare view

…h 8 updates Bumps the github-actions-all group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `6.2.0` | `6.4.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` | | [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6.4.0` | `7.2.1` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.2` | `4.9.0` | Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@21025c7...25dd0e3) Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...ce36039) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...4d04d5d) Updates `actions/setup-go` from 6.2.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@7a3fe6c...4a36011) Updates `docker/login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...4907a6d) Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.2.1 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](goreleaser/goreleaser-action@e435ccd...1a80836) Updates `actions/upload-artifact` from 6.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...043fb46) Updates `actions/dependency-review-action` from 4.8.2 to 4.9.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@3c4e3dc...2031cfc) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-all - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: dependabot/fetch-metadata dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all - dependency-name: goreleaser/goreleaser-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 31, 2026

dependabot Bot force-pushed the dependabot/github_actions/github-actions-all-34c4019bb9 branch from 2fbf0b4 to 9d26c78 Compare April 7, 2026 10:44

dependabot Bot force-pushed the dependabot/github_actions/github-actions-all-34c4019bb9 branch from 9d26c78 to 05440a2 Compare April 14, 2026 10:44

dependabot Bot force-pushed the dependabot/github_actions/github-actions-all-34c4019bb9 branch from 05440a2 to f1ddf29 Compare April 21, 2026 10:44

dependabot Bot force-pushed the dependabot/github_actions/github-actions-all-34c4019bb9 branch from f1ddf29 to ad95c91 Compare April 28, 2026 10:44

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the github-actions-all group across 1 directory with 8 updates#333

chore(deps): bump the github-actions-all group across 1 directory with 8 updates#333
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-all-34c4019bb9

dependabot Bot commented on behalf of github Mar 31, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Mar 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v3.1.0

What's Changed

New Contributors

v3.0.0

What's Changed

v4.0.0

v4.0.0

v6.4.0

What's Changed

Enhancement

Dependency update

Documentation update

New Contributors

v6.3.0

What's Changed

v4.1.0

v4.0.0

v7.2.1

v7.2.0

What's Changed

v7.1.0

What's Changed

New Contributors

v7.0.0

What's Changed

v7.0.1

What's Changed

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

Dependency Review Action 4.9.0

What's Changed

New Contributors

4.8.3

Dependency Review Action v4.8.3

What's Changed

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Mar 31, 2026 •

edited

Loading