Skip to content

ci: bump the github-actions group with 6 updates#2

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-a5b76c7ab5
Closed

ci: bump the github-actions group with 6 updates#2
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-a5b76c7ab5

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 11, 2026
edited
Loading

Bumps the github-actions group with 6 updates:

Package From To
actions/checkout 4 6
actions/setup-node 4 6
codecov/codecov-action 4 5
actions/attest-build-provenance 1 3
peter-evans/find-comment 3 4
peter-evans/create-or-update-comment 4 5

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits

Updates actions/setup-node from 4 to 6

Release notes

Sourced from actions/setup-node's releases.

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Full Changelog: actions/setup-node@v5...v6.0.0

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

... (truncated)

Commits

Updates codecov/codecov-action from 4 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Commits

Updates actions/attest-build-provenance from 1 to 3

Release notes

Sourced from actions/attest-build-provenance's releases.

v3.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1 Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/attest-build-provenance@v2.4.0...v3.0.0

v2.4.0

What's Changed

Full Changelog: actions/attest-build-provenance@v2.3.0...v2.4.0

v2.3.0

What's Changed

Full Changelog: actions/attest-build-provenance@v2.2.3...v2.3.0

v2.2.3

What's Changed

Full Changelog: actions/attest-build-provenance@v2.2.2...v2.2.3

v2.2.2

What's Changed

Full Changelog: actions/attest-build-provenance@v2.2.1...v2.2.2

v2.2.1

... (truncated)

Commits

Updates peter-evans/find-comment from 3 to 4

Release notes

Sourced from peter-evans/find-comment's releases.

Find Comment v4.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

... (truncated)

Commits
  • b30e6a3 feat: v4 (#389)
  • b4929e7 build(deps-dev): bump @​types/node from 18.19.124 to 18.19.127 (#388)
  • 1f47d94 build(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 (#387)
  • a723a15 build(deps): bump actions/setup-node from 4 to 5 (#386)
  • 8bacb1b build(deps-dev): bump @​types/node from 18.19.123 to 18.19.124 (#385)
  • 048de65 build(deps): bump actions/checkout from 4 to 5 (#384)
  • c02750f build(deps-dev): bump @​types/node from 18.19.122 to 18.19.123 (#383)
  • 092c582 build(deps): bump actions/download-artifact from 4 to 5 (#382)
  • c115bb0 build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 (#381)
  • 8d3be5d build(deps-dev): bump @​types/node from 18.19.121 to 18.19.122 (#380)
  • Additional commits viewable in compare view

Updates peter-evans/create-or-update-comment from 4 to 5

Release notes

Sourced from peter-evans/create-or-update-comment's releases.

Create or Update Comment v5.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jan 11, 2026

Labels

The following labels could not be found: automated, dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot
ci: bump the github-actions group with 6 updates
80b9f57 
Bumps the github-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1` | `3` |
| [peter-evans/find-comment](https://github.com/peter-evans/find-comment) | `3` | `4` |
| [peter-evans/create-or-update-comment](https://github.com/peter-evans/create-or-update-comment) | `4` | `5` |


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

Updates `actions/attest-build-provenance` from 1 to 3
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@v1...v3)

Updates `peter-evans/find-comment` from 3 to 4
- [Release notes](https://github.com/peter-evans/find-comment/releases)
- [Commits](peter-evans/find-comment@v3...v4)

Updates `peter-evans/create-or-update-comment` from 4 to 5
- [Release notes](https://github.com/peter-evans/create-or-update-comment/releases)
- [Commits](peter-evans/create-or-update-comment@v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/attest-build-provenance
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/find-comment
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: peter-evans/create-or-update-comment
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-a5b76c7ab5 branch from 216b04f to 80b9f57 Compare January 26, 2026 18:58
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Mar 9, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 9, 2026
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-a5b76c7ab5 branch March 9, 2026 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants