Skip to content

build(deps): bump the actions-routine group across 1 directory with 4 updates#14

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-routine-650fed67bf
Open

build(deps): bump the actions-routine group across 1 directory with 4 updates#14
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-routine-650fed67bf

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the actions-routine group with 4 updates in the / directory: actions/checkout, dependabot/fetch-metadata, actions/dependency-review-action and actions/upload-artifact.

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

Updates dependabot/fetch-metadata from 2.5.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

New Contributors

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

v3.0.0

The breaking change is requiring Node.js version v24 as the Actions runtime.

What's Changed

... (truncated)

Commits
  • 25dd0e3 v3.1.0 (#692)
  • e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
  • 0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
  • 7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
  • 5168191 Updating dist build
  • 23882e1 build(deps): bump @​actions/github in the dependencies group
  • 1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
  • 43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
  • b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
  • c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
  • Additional commits viewable in compare view

Updates actions/dependency-review-action from 4 to 5

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

... (truncated)

Commits
  • a1d282b Merge pull request #1098 from actions/ahpook/v5-release
  • eb6c199 update examples to show @​v5
  • 3943c2c v5.0.0 release branch
  • 454943c Merge pull request #1094 from actions/ashelytc/security-findings
  • 6d92a12 revert @​typescript-eslint/parser update
  • a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
  • b6b7079 update @​typescript-eslint/parser to 8.40.0
  • 821a21d update more dependencies
  • 05aaaae run npm audit fix
  • 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the actions-routine group across 1 directory with 4…
e59aa44 
… updates

Bumps the actions-routine group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata), [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [actions/upload-artifact](https://github.com/actions/upload-artifact).


Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@21025c7...25dd0e3)

Updates `actions/dependency-review-action` from 4 to 5
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@v4...v5)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-routine
- dependency-name: dependabot/fetch-metadata
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-routine
- dependency-name: actions/dependency-review-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-routine
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-routine
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants