Skip to content

chore(deps): bump the actions group across 1 directory with 5 updates#927

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-c930fc757b
Open

chore(deps): bump the actions group across 1 directory with 5 updates#927
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-c930fc757b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 5 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
gitleaks/gitleaks-action 2.3.9 3.0.0
actions/cache 5.0.5 6.1.0
anthropics/claude-code-action 1.0.148 1.0.159
actions/setup-java 5.2.0 5.4.0

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates gitleaks/gitleaks-action from 2.3.9 to 3.0.0

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2
After

uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

Commits

Updates actions/cache from 5.0.5 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates anthropics/claude-code-action from 1.0.148 to 1.0.159

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.159

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.159

v1.0.158

Full Changelog: anthropics/claude-code-action@v1...v1.0.158

v1.0.157

Full Changelog: anthropics/claude-code-action@v1...v1.0.157

v1.0.156

Full Changelog: anthropics/claude-code-action@v1...v1.0.156

v1.0.155

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.155

v1.0.154

Full Changelog: anthropics/claude-code-action@v1...v1.0.154

v1.0.153

Full Changelog: anthropics/claude-code-action@v1...v1.0.153

v1.0.152

Full Changelog: anthropics/claude-code-action@v1...v1.0.152

v1.0.151

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.151

v1.0.150

... (truncated)

Commits
  • a92e7c7 chore: bump Claude Code to 2.1.195 and Agent SDK to 0.3.195
  • f8076dc fix: bound app token revocation cleanup (#1437)
  • 5211368 chore: bump Claude Code to 2.1.193 and Agent SDK to 0.3.193
  • 428971d chore: bump Claude Code to 2.1.191 and Agent SDK to 0.3.191
  • 74eedf1 chore: bump Claude Code to 2.1.190 and Agent SDK to 0.3.190
  • 80b3182 chore: bump Claude Code to 2.1.187 and Agent SDK to 0.3.187
  • 360be9c fix: allow @ in branch names (valid per git-check-ref-format) (#1411)
  • e452eb9 test: cover format-turns content-type fallbacks and system_other handling (#1...
  • 6b80630 fix: filter PR reviews and inline review comments to trigger time (#1385)
  • 30544b6 chore: bump Claude Code to 2.1.186 and Agent SDK to 0.3.186
  • Additional commits viewable in compare view

Updates actions/setup-java from 5.2.0 to 5.4.0

Release notes

Sourced from actions/setup-java's releases.

v5.4.0

What's Changed

New Contributors

Full Changelog: actions/setup-java@v5...v5.4.0

v5.3.0

What's Changed

... (truncated)

Commits
  • 1bcf9fb dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#...
  • fa2c650 docs: note jdkfile approach for Early Access / unreleased JDK builds (#1058)
  • 1d56e31 dist: Add GraalVM Community distribution support (#1042)
  • 1d25252 chore: Harden workflows: least-privilege permissions + zizmor integration (#1...
  • 668c1ea docs: add post-install keytool import for the JDK cacerts trust store (#1051)
  • a9a46fb docs: document self-signed certificate / internal CA handling for GitHub Ente...
  • 5431e71 docs: add JavaFX Maven project configuration instructions (#1044)
  • 4baa9b4 docs: replace non-existent HelloWorldApp references with java --version (#1043)
  • eab4b08 Bump @​types/node from 25.9.3 to 26.0.0 (#1031)
  • bf0c0e6 Bump actions/checkout from 6 to 7 (#1032)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Dependency update PRs security Security-related PRs and issues labels Jun 25, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 25, 2026 03:27
@dependabot-automerge-petry dependabot-automerge-petry Bot enabled auto-merge (squash) June 25, 2026 03:27
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 1b324b2 to 87a7575 Compare June 25, 2026 05:58
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 87a7575 to 89f2dc4 Compare June 25, 2026 06:04
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 89f2dc4 to 1c6bcaa Compare June 25, 2026 12:17
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 1c6bcaa to a63f15c Compare June 25, 2026 19:40
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from a63f15c to 3c7712e Compare June 26, 2026 16:32
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 3c7712e to 33eaea9 Compare June 27, 2026 04:50
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 33eaea9 to 524861f Compare June 27, 2026 15:54
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 524861f to 39f112c Compare June 27, 2026 16:42
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 39f112c to 551e22d Compare June 27, 2026 17:52
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 551e22d to 21b2c59 Compare June 28, 2026 06:45
Bumps the actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.9` | `3.0.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` |
| [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.148` | `1.0.159` |
| [actions/setup-java](https://github.com/actions/setup-java) | `5.2.0` | `5.4.0` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6.0.2...9c091bb)

Updates `gitleaks/gitleaks-action` from 2.3.9 to 3.0.0
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@ff98106...e0c47f4)

Updates `actions/cache` from 5.0.5 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

Updates `anthropics/claude-code-action` from 1.0.148 to 1.0.159
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](anthropics/claude-code-action@d5726de...a92e7c7)

Updates `actions/setup-java` from 5.2.0 to 5.4.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@be666c2...1bcf9fb)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-java
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.157
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: gitleaks/gitleaks-action
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/actions-c930fc757b branch from 21b2c59 to dc7a374 Compare June 28, 2026 12:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency update PRs security Security-related PRs and issues

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants