chore(deps): bump the actions group across 1 directory with 5 updates

[dependabot]

Bumps the actions group with 5 updates in the / directory:

Package	From	To
actions/checkout	6.0.2	7.0.0
gitleaks/gitleaks-action	2.3.9	3.0.0
actions/cache	5.0.5	6.1.0
anthropics/claude-code-action	1.0.148	1.0.159
actions/setup-java	5.2.0	5.4.0

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

• block checking out fork pr for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462
• getting ready for checkout v7 release by @​aiqiaoy in actions/checkout#2464
• update error wording by @​aiqiaoy in actions/checkout#2467

New Contributors

• @​aiqiaoy made their first contribution in actions/checkout#2454

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

• Block checking out fork PR for pull_request_target and workflow_run by @​aiqiaoy in actions/checkout#2454
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by @​dependabot[bot] in actions/checkout#2458
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in actions/checkout#2460
• Bump js-yaml from 4.1.0 to 4.2.0 by @​dependabot[bot] in actions/checkout#2461
• Bump @​actions/core and @​actions/tool-cache and Remove uuid by @​dependabot[bot] in actions/checkout#2459
• upgrade module to esm and update dependencies by @​aiqiaoy in actions/checkout#2463
• Bump the minor-npm-dependencies group across 1 directory with 3 updates by @​dependabot[bot] in actions/checkout#2462

v6.0.3

• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

... (truncated)

Commits

• 9c091bb update error wording (#2467)
• 1044a6d getting ready for checkout v7 release (#2464)
• f028218 Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)
• d914b26 upgrade module to esm and update dependencies (#2463)
• 537c7ef Bump @​actions/core and @​actions/tool-cache and Remove uuid (#2459)
• 130a169 Bump js-yaml from 4.1.0 to 4.2.0 (#2461)
• 7d09575 Bump flatted from 3.3.1 to 3.4.2 (#2460)
• 0f9f3aa Bump actions/publish-immutable-action (#2458)
• f9e715a block checking out fork pr for pull_request_target and workflow_run (#2454)
• df4cb1c Update changelog for v6.0.3 (#2446)
• Additional commits viewable in compare view

Updates gitleaks/gitleaks-action from 2.3.9 to 3.0.0

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2
After

uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

• June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
• September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

• action.yml: runtime node20 → node24
• @actions/core: 1.10.0 → 1.11.1
• dist/ rebuilt
• Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
• README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

Commits

• e0c47f4 chore: migrate to Node 24 runtime (v3)
• bf2dc8e Merge pull request #191 from Olexandr88/patch-1
• b71323b Update README.md
• 9c66aa9 Update README.md
• 186c3fe Create FUNDING.yml
• See full diff in compare view

Updates actions/cache from 5.0.5 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

• Bump @​actions/cache to v6.1.0 - handle read-only cache access by @​jasongin in actions/cache#1768

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

• Update packages, migrate to ESM by @​Samirat in actions/cache#1760

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

• Bump @​actions/cache to v5.1.0 - handle read-only cache access by @​jasongin in actions/cache#1775

Full Changelog: actions/cache@v5...v5.1.0

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

• Bump @actions/cache to v6.1.0 to pick up actions/toolkit#2435 Handle cache write error due to read-only token
• Switch redundant "Cache save failed" warning to debug log in save-only

6.0.0

• Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
• Migrated to ESM module system
• Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

... (truncated)

Commits

• 55cc834 Merge pull request #1768 from jasongin/readonly-cache
• d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
• 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
• e9b91fd Prettier fixes
• e4884b8 Rebuild dist
• 10baf01 Fixed licenses
• e39b386 Fix test mock return order
• b692820 PR feedback
• 6074912 Rebuild dist bundles as ESM to match type:module
• 5a912e8 Fix lint and jest issues
• Additional commits viewable in compare view

Updates anthropics/claude-code-action from 1.0.148 to 1.0.159

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.159

What's Changed

• fix: bound app token revocation cleanup by @​tarunag10 in anthropics/claude-code-action#1437

New Contributors

• @​tarunag10 made their first contribution in anthropics/claude-code-action#1437

Full Changelog: anthropics/claude-code-action@v1...v1.0.159

v1.0.158

Full Changelog: anthropics/claude-code-action@v1...v1.0.158

v1.0.157

Full Changelog: anthropics/claude-code-action@v1...v1.0.157

v1.0.156

Full Changelog: anthropics/claude-code-action@v1...v1.0.156

v1.0.155

What's Changed

• fix: filter PR reviews and inline review comments to trigger time by @​EffortlessSteven in anthropics/claude-code-action#1385
• test: cover format-turns content-type fallbacks and system_other handling by @​farmer-data in anthropics/claude-code-action#1421
• fix: allow @ in branch names (valid per git-check-ref-format) by @​bellalMohamed in anthropics/claude-code-action#1411

New Contributors

• @​EffortlessSteven made their first contribution in anthropics/claude-code-action#1385
• @​farmer-data made their first contribution in anthropics/claude-code-action#1421
• @​bellalMohamed made their first contribution in anthropics/claude-code-action#1411

Full Changelog: anthropics/claude-code-action@v1...v1.0.155

v1.0.154

Full Changelog: anthropics/claude-code-action@v1...v1.0.154

v1.0.153

Full Changelog: anthropics/claude-code-action@v1...v1.0.153

v1.0.152

Full Changelog: anthropics/claude-code-action@v1...v1.0.152

v1.0.151

What's Changed

• fix: skip workflow validation token exchange failures by @​Ryanoonan in anthropics/claude-code-action#1417

New Contributors

• @​Ryanoonan made their first contribution in anthropics/claude-code-action#1417

Full Changelog: anthropics/claude-code-action@v1...v1.0.151

v1.0.150

... (truncated)

Commits

• a92e7c7 chore: bump Claude Code to 2.1.195 and Agent SDK to 0.3.195
• f8076dc fix: bound app token revocation cleanup (#1437)
• 5211368 chore: bump Claude Code to 2.1.193 and Agent SDK to 0.3.193
• 428971d chore: bump Claude Code to 2.1.191 and Agent SDK to 0.3.191
• 74eedf1 chore: bump Claude Code to 2.1.190 and Agent SDK to 0.3.190
• 80b3182 chore: bump Claude Code to 2.1.187 and Agent SDK to 0.3.187
• 360be9c fix: allow @ in branch names (valid per git-check-ref-format) (#1411)
• e452eb9 test: cover format-turns content-type fallbacks and system_other handling (#1...
• 6b80630 fix: filter PR reviews and inline review comments to trigger time (#1385)
• 30544b6 chore: bump Claude Code to 2.1.186 and Agent SDK to 0.3.186
• Additional commits viewable in compare view

Updates actions/setup-java from 5.2.0 to 5.4.0

Release notes

Sourced from actions/setup-java's releases.

v5.4.0

What's Changed

• Bump @​typescript-eslint/parser from 8.48.0 to 8.61.1 by @​dependabot[bot] in actions/setup-java#1021
• Fix codeql workflow permissions by @​jsoref in actions/setup-java#993
• fix CodeQL permissions by @​gdams in actions/setup-java#1025
• fix: reject non-semver candidate versions in isVersionSatisfies by @​sproctor in actions/setup-java#1009
• Bump @​actions/cache to 5.1.0, handle cache write denied by @​jasongin in actions/setup-java#1026
• Add Maven Wrapper cache feature by @​mahabaleshwars in actions/setup-java#1027
• Spelling by @​jsoref in actions/setup-java#713
• add link to advanced configuration for JetBrains by @​robstoll in actions/setup-java#850
• docs(action): fix missing required or default fields by @​kranthipoturaju in actions/setup-java#1007
• feat: add microsoft openjdk 17.0.18 by @​al-kau in actions/setup-java#1002
• Update README.md - use "alert syntax for Markdown" for notes by @​mhoffrog in actions/setup-java#924
• Bump undici from 6.24.1 to 6.27.0 by @​dependabot[bot] in actions/setup-java#1033
• Update contributor guide with emoji for clarity by @​brunoborges in actions/setup-java#1028
• add javac problem matcher by @​Trass3r in actions/setup-java#562
• Clarify README version syntax and migration guidance by @​brunoborges with @​Copilot in actions/setup-java#1038
• Update undici artifacts to 6.27.0 (license cache + dist) by @​brunoborges in actions/setup-java#1040
• docs: enhance custom jdk file installation by @​stephanabel in actions/setup-java#996
• Templates for new Java distributions by @​panticmilos in actions/setup-java#429
• Bump actions/checkout from 6 to 7 by @​dependabot[bot] in actions/setup-java#1032
• Bump @​types/node from 25.9.3 to 26.0.0 by @​dependabot[bot] in actions/setup-java#1031
• docs: replace non-existent HelloWorldApp references with java --version by @​brunoborges with @​Copilot in actions/setup-java#1043
• docs: add JavaFX Maven project configuration instructions by @​brunoborges with @​Copilot in actions/setup-java#1044
• docs: self-signed certificate / internal CA handling for GitHub Enterprise by @​brunoborges in actions/setup-java#1050
• docs: document importing an internal CA into the installed JDK (cacerts) by @​brunoborges in actions/setup-java#1051
• chore: Harden workflows: least-privilege permissions + zizmor integration by @​brunoborges in actions/setup-java#1039
• dist: Add GraalVM Community distribution support by @​brunoborges with @​Copilot in actions/setup-java#1042
• docs: note jdkfile approach for Early Access / unreleased JDK builds by @​brunoborges in actions/setup-java#1058
• dist: Apply Copilot review suggestions from PR #1042 (GraalVM Community) by @​brunoborges in actions/setup-java#1059

New Contributors

• @​jsoref made their first contribution in actions/setup-java#993
• @​sproctor made their first contribution in actions/setup-java#1009
• @​jasongin made their first contribution in actions/setup-java#1026
• @​robstoll made their first contribution in actions/setup-java#850
• @​kranthipoturaju made their first contribution in actions/setup-java#1007
• @​al-kau made their first contribution in actions/setup-java#1002
• @​mhoffrog made their first contribution in actions/setup-java#924
• @​brunoborges made their first contribution in actions/setup-java#1028
• @​Trass3r made their first contribution in actions/setup-java#562
• @​stephanabel made their first contribution in actions/setup-java#996

Full Changelog: actions/setup-java@v5...v5.4.0

v5.3.0

What's Changed

• chore: update Java version to 25 in setup examples by @​alaahong in actions/setup-java#969
• Bump minimatch from 3.1.2 to 3.1.5 by @​dependabot[bot] in actions/setup-java#984
• Refactor error handling and improve test logging for installers by @​chiranjib-swain in actions/setup-java#989

... (truncated)

Commits

• 1bcf9fb dist: Address Copilot review suggestions from PR #1042 (GraalVM Community) (#...
• fa2c650 docs: note jdkfile approach for Early Access / unreleased JDK builds (#1058)
• 1d56e31 dist: Add GraalVM Community distribution support (#1042)
• 1d25252 chore: Harden workflows: least-privilege permissions + zizmor integration (#1...
• 668c1ea docs: add post-install keytool import for the JDK cacerts trust store (#1051)
• a9a46fb docs: document self-signed certificate / internal CA handling for GitHub Ente...
• 5431e71 docs: add JavaFX Maven project configuration instructions (#1044)
• 4baa9b4 docs: replace non-existent HelloWorldApp references with java --version (#1043)
• eab4b08 Bump @​types/node from 25.9.3 to 26.0.0 (#1031)
• bf0c0e6 Bump actions/checkout from 6 to 7 (#1032)
• Additional commits viewable in compare view