Bump the github-actions group across 1 directory with 10 updates by dependabot[bot] · Pull Request #155 · coder/code-marketplace

dependabot · 2026-05-25T16:47:23Z

Bumps the github-actions group with 10 updates in the / directory:

Package	From	To
softprops/action-gh-release	`2`	`3`
azure/setup-helm	`4`	`5`
golangci/golangci-lint-action	`9.2.0`	`9.2.1`
robinraju/release-downloader	`1.12`	`1.13`
docker/login-action	`3`	`4`
docker/setup-qemu-action	`3`	`4`
docker/setup-buildx-action	`3`	`4`
actions/upload-artifact	`7.0.0`	`7.0.1`
github/codeql-action	`4.32.5`	`4.36.0`
aquasecurity/trivy-action	`97e0b3872f55f89b95b2f65b3dbab56962816478`	`314ff8b43182423b84c50b1670b0e10f858f2d98`

Updates softprops/action-gh-release from 2 to 3

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

Move the action runtime and bundle target to Node 24

Update @types/node to the Node 24 line and allow future Dependabot updates

Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @dependabot[bot] in softprops/action-gh-release#775

chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @dependabot[bot] in softprops/action-gh-release#777

chore(deps): bump vite from 8.0.0 to 8.0.5 by @dependabot[bot] in softprops/action-gh-release#781

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

fix: preserve discussion category on publish by @chenrui333 in softprops/action-gh-release#765

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

fix issue with multiple runs concatenating release bodies #145

Commits

b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
See full diff in compare view

Updates azure/setup-helm from 4 to 5

Release notes

Sourced from azure/setup-helm's releases.

v5.0.0

Changed

#259 Update Node.js runtime from node20 to node24

#263 Bump undici

#257 Bump undici and @actions/http-client

#256 Bump minimatch

#248 Bump the actions group with 2 updates

#247 Bump the actions group with 3 updates

#246 Bump @types/node from 25.0.2 to 25.0.3 in the actions group

#245 Bump the actions group with 3 updates

#243 Bump the actions group with 2 updates

#240 Bump prettier from 3.6.2 to 3.7.3 in the actions group

#229 Bump the actions group across 1 directory with 3 updates

#231 Bump js-yaml from 3.14.1 to 3.14.2

#234 Bump glob from 10.4.5 to 10.5.0

#225 Fix build error

#222 Bump @types/node from 24.7.2 to 24.8.1 in the actions group

#220 Bump the actions group across 1 directory with 4 updates

#216 Bump the actions group across 1 directory with 4 updates

#213 Bump the actions group with 2 updates

#211 Bump undici

#212 Bump jest from 30.0.5 to 30.1.2 in the actions group

#210 Bump @types/node from 24.2.1 to 24.3.0 in the actions group

v4.3.1

Changed

#167 Pinning Action Dependencies for Security and Reliability

#181 Fix types, and update node version.

#191 chore(tests): Mock arch to make tests pass on arm host

#192 chore: remove unnecessary prebuild script

#203 Update helm version retrieval to use JSON output for latest version

#207 ci(workflows): update helm version to v3.18.4 and add matrix for tests

Added

#197 Add pre-commit hook

v4.3.0

#152 feat: log when restoring from cache

#157 Dependencies Update

#137 Add dependabot

v4.2.0

#124 Fix OS detection and download OS-native archive extension

v4.1.0

#130 switches to use Helm published file to read latest version instead of using GitHub releases

Changelog

Sourced from azure/setup-helm's changelog.

[4.3.0] - 2025-02-15

#152 feat: log when restoring from cache

#157 Dependencies Update

#137 Add dependabot

[4.2.0] - 2024-04-15

#124 Fix OS detection and download OS-native archive extension

[4.1.0] - 2024-03-01

#130 switches to use Helm published file to read latest version instead of using GitHub releases

[4.0.0] - 2024-02-12

#121 update to node20 as node16 is deprecated

Commits

dda3372 build
3894c84 chore(release): v5.0.0 (#265)
ca66f38 Update Node.js runtime from node20 to node24 (#259)
316ed5a Bump undici (#263)
bc9bc0c Bump undici and @actions/http-client (#257)
16e3094 Bump minimatch (#256)
6e42753 Bump actions/stale in /.github/workflows in the actions group (#255)
9651d9d Bump actions/checkout in /.github/workflows in the actions group (#251)
658bff9 Bump the actions group with 2 updates (#248)
331c814 Bump the actions group with 3 updates (#247)
Additional commits viewable in compare view

Updates golangci/golangci-lint-action from 9.2.0 to 9.2.1

Release notes

Sourced from golangci/golangci-lint-action's releases.

v9.2.1

What's Changed

IMPORTANT: this is the first immutable release.

Changes

chore: improve workflows by @ldez in golangci/golangci-lint-action#1394

Dependencies

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot[bot] in golangci/golangci-lint-action#1325

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1326

build(deps): bump the dependencies group with 4 updates by @dependabot[bot] in golangci/golangci-lint-action#1327

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1328

build(deps): bump @types/node from 25.0.2 to 25.0.3 in the dependencies group by @dependabot[bot] in golangci/golangci-lint-action#1329

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1330

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1332

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1333

build(deps): bump the dependencies group with 6 updates by @dependabot[bot] in golangci/golangci-lint-action#1334

build(deps-dev): bump the dev-dependencies group with 4 updates by @dependabot[bot] in golangci/golangci-lint-action#1335

build(deps): bump the dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1336

build(deps-dev): bump the dev-dependencies group with 3 updates by @dependabot[bot] in golangci/golangci-lint-action#1337

build(deps): bump @types/node from 25.0.9 to 25.0.10 in the dependencies group by @dependabot[bot] in golangci/golangci-lint-action#1338

build(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 by @dependabot[bot] in golangci/golangci-lint-action#1339

build(deps-dev): bump the dev-dependencies group with 2 updates by @dependabot[bot] in golangci/golangci-lint-action#1340

build(deps-dev): bump the dev-dependencies group across 1 directory with 3 updates by @dependabot[bot] in golangci/golangci-lint-action#1344

build(deps): bump fast-xml-parser from 5.3.4 to 5.3.6 by @dependabot[bot] in golangci/golangci-lint-action#1346

build(deps): bump minimatch by @dependabot[bot] in golangci/golangci-lint-action#1348

build(deps): bump minimatch from 3.1.3 to 3.1.5 by @dependabot[bot] in golangci/golangci-lint-action#1350

build(deps): bump fast-xml-parser from 5.3.6 to 5.4.1 by @dependabot[bot] in golangci/golangci-lint-action#1351

build(deps): bump fast-xml-parser from 5.4.1 to 5.5.6 by @dependabot[bot] in golangci/golangci-lint-action#1357

build(deps): bump fast-xml-parser from 5.5.6 to 5.5.7 by @dependabot[bot] in golangci/golangci-lint-action#1358

build(deps-dev): bump flatted from 3.3.3 to 3.4.2 by @dependabot[bot] in golangci/golangci-lint-action#1359

build(deps): bump picomatch from 4.0.3 to 4.0.4 by @dependabot[bot] in golangci/golangci-lint-action#1364

build(deps): bump yaml from 2.8.2 to 2.8.3 by @dependabot[bot] in golangci/golangci-lint-action#1365

build(deps): bump brace-expansion by @dependabot[bot] in golangci/golangci-lint-action#1370

build(deps-dev): bump the dev-dependencies group across 1 directory with 7 updates by @ldez in golangci/golangci-lint-action#1374

build(deps): bump github/codeql-action from 4 to 4.35.2 by @dependabot[bot] in golangci/golangci-lint-action#1384

build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 by @dependabot[bot] in golangci/golangci-lint-action#1386

build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 by @dependabot[bot] in golangci/golangci-lint-action#1389

build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 by @dependabot[bot] in golangci/golangci-lint-action#1391

Full Changelog: golangci/golangci-lint-action@v9.2.0...v9.2.1

Commits

82606bf chore: prepare release v9.2.1
97c8387 chore: improve workflows (#1394)
28d0a19 build(deps): bump the dependencies group across 1 directory with 2 updates
633fbc7 build(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#1391)
59f43e2 build(deps): bump github/codeql-action from 4.35.2 to 4.35.3 (#1389)
9eb174e build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0 (#1386)
4f52504 build(deps): bump github/codeql-action from 4 to 4.35.2 (#1384)
6f87dfd docs: update examples
c9500d7 chore: improve workflows
03b1faa chore: improve issue templates
Additional commits viewable in compare view

Updates robinraju/release-downloader from 1.12 to 1.13

Release notes

Sourced from robinraju/release-downloader's releases.

Release Downloader v1.13

What's Changed

chore: group dependendabot updates by @robinraju in robinraju/release-downloader#905

chore: dependency updates by @robinraju in robinraju/release-downloader#906

Upgrade action runtime to node 24 by @robinraju in robinraju/release-downloader#907

Await directory creation by @DavidS-ovm in robinraju/release-downloader#902

Add workflow to check if dist directory id up to date by @robinraju in robinraju/release-downloader#908

ci(mergify): upgrade configuration to current format by @mergify[bot] in robinraju/release-downloader#918

Improve error reporting by @DavidS-ovm in robinraju/release-downloader#903

Add more test coverage by @robinraju in robinraju/release-downloader#920

Split CI into separate worflows (pr validation + main branch builds) by @robinraju in robinraju/release-downloader#921

Build using CI and restrict commits by users by @robinraju in robinraju/release-downloader#924

Bump @types/node from 24.12.0 to 25.5.0 by @dependabot[bot] in robinraju/release-downloader#912

Bump minimatch from 10.2.4 to 10.2.5 by @dependabot[bot] in robinraju/release-downloader#923

Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in robinraju/release-downloader#915

Bump lodash from 4.17.23 to 4.18.1 by @dependabot[bot] in robinraju/release-downloader#922

Bump tar from 7.5.12 to 7.5.13 in the npm-production group across 1 directory by @dependabot[bot] in robinraju/release-downloader#925

Bump eslint-plugin-jest from 28.11.0 to 29.15.0 by @dependabot[bot] in robinraju/release-downloader#914

Bump brace-expansion from 1.1.12 to 1.1.13 by @dependabot[bot] in robinraju/release-downloader#916

Bump the npm-development group across 1 directory with 8 updates by @dependabot[bot] in robinraju/release-downloader#919

Potential fix for code scanning alert no. 8: Workflow does not contain permissions by @robinraju in robinraju/release-downloader#926

Bump the npm-development group with 5 updates by @dependabot[bot] in robinraju/release-downloader#928

Bump eslint-plugin-github from 5.1.8 to 6.0.0 by @dependabot[bot] in robinraju/release-downloader#929

Migrate to ESM by @robinraju in robinraju/release-downloader#932

Bump @actions/core from 1.11.1 to 3.0.0 by @dependabot[bot] in robinraju/release-downloader#913

Bump typescript from 5.8.2 to 6.0.2 by @dependabot[bot] in robinraju/release-downloader#931

fix #729: Remove archive after extraction by @Wires77 in robinraju/release-downloader#792

Specify different extract path by @gnpaone in robinraju/release-downloader#768

New Contributors

@DavidS-ovm made their first contribution in robinraju/release-downloader#902

@mergify[bot] made their first contribution in robinraju/release-downloader#918

@Wires77 made their first contribution in robinraju/release-downloader#792

@gnpaone made their first contribution in robinraju/release-downloader#768

Full Changelog: robinraju/release-downloader@v1.12...v1.13

Commits

28fc21f chore: refresh dist [skip ci]
d049b59 Specify different extract path (#768)
5014b08 chore: refresh dist [skip ci]
3bd996f fix #729: Remove archive after extraction (#792)
ffd8c66 Bump typescript from 5.8.2 to 6.0.2 (#931)
688517e chore: refresh dist [skip ci]
39e265d Bump @actions/core from 1.11.1 to 3.0.0 (#913)
222ca9c chore: refresh dist [skip ci]
b16c1cd Migrate to ESM (#932)
93eac22 Bump eslint-plugin-github from 5.1.8 to 6.0.0 (#929)
Additional commits viewable in compare view

Updates docker/login-action from 3 to 4

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Add scope input to set scopes for the authentication token by @crazy-max in docker/login-action#912

Add support for AWS European Sovereign Cloud ECR by @dphi in docker/login-action#914

Ensure passwords are redacted with registry-auth input by @crazy-max in docker/login-action#911

build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Bump @actions/core from 1.10.1 to 1.11.1 in docker/login-action#791

Bump @aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856

Bump @aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856

Bump @docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814

Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

... (truncated)

Commits

650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
99df1a3 chore: update generated content
3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
4eefcd3 chore: update generated content
56d092c build(deps): bump @docker/actions-toolkit from 0.86.0 to 0.90.0
e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
0bced94 chore: update generated content
3e75a0f build(deps): bump @actions/core from 3.0.0 to 3.0.1
365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3 to 4

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

v3.7.0

Bump @docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218

Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221

Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

v3.6.0

Display binfmt version by @crazy-max in docker/setup-qemu-action#202

Full Changelog: docker/setup-qemu-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-qemu-action#205

Full Changelog: docker/setup-qemu-action@v3.4.0...v3.5.0

v3.4.0

Bump @docker/actions-toolkit from 0.49.0 to 0.54.0 in docker/setup-qemu-action#193 docker/setup-qemu-action#197

Full Changelog: docker/setup-qemu-action@v3.3.0...v3.4.0

v3.3.0

Add cache-image input to enable/disable caching of binfmt image by @crazy-max in docker/setup-qemu-action#130

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172

Bump @docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

v3.2.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-qemu-action#154 docker/setup-qemu-action#155

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

v3.1.0

... (truncated)

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Deprecate install input by @crazy-max in docker/setup-buildx-action#455

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432

Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits

d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
92bc5c9 chore: update generated content
da11e35 build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.90.0
f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
b5af94f chore: update generated content
16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0

Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2` | `3` | | [azure/setup-helm](https://github.com/azure/setup-helm) | `4` | `5` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `9.2.0` | `9.2.1` | | [robinraju/release-downloader](https://github.com/robinraju/release-downloader) | `1.12` | `1.13` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.5` | `4.36.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `97e0b3872f55f89b95b2f65b3dbab56962816478` | `314ff8b43182423b84c50b1670b0e10f858f2d98` | Updates `softprops/action-gh-release` from 2 to 3 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2...v3) Updates `azure/setup-helm` from 4 to 5 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](Azure/setup-helm@v4...v5) Updates `golangci/golangci-lint-action` from 9.2.0 to 9.2.1 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](golangci/golangci-lint-action@v9.2.0...v9.2.1) Updates `robinraju/release-downloader` from 1.12 to 1.13 - [Release notes](https://github.com/robinraju/release-downloader/releases) - [Commits](robinraju/release-downloader@v1.12...v1.13) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@bbbca2d...043fb46) Updates `github/codeql-action` from 4.32.5 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c793b71...7211b7c) Updates `aquasecurity/trivy-action` from 97e0b3872f55f89b95b2f65b3dbab56962816478 to 314ff8b43182423b84c50b1670b0e10f858f2d98 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@97e0b38...314ff8b) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 9.2.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: robinraju/release-downloader dependency-version: '1.13' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 314ff8b43182423b84c50b1670b0e10f858f2d98 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 10 updates#155

Bump the github-actions group across 1 directory with 10 updates#155
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-0f58aa3e01

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 25, 2026

v3.0.0

What's Changed

Other Changes 🔄

v2.6.2

What's Changed

Other Changes 🔄

v2.6.1

What's Changed

Bug fixes 🐛

v2.6.0

What's Changed

0.1.13

v5.0.0

Changed

v4.3.1

Changed

Added

v4.3.0

v4.2.0

v4.1.0

[4.3.0] - 2025-02-15

[4.2.0] - 2024-04-15

[4.1.0] - 2024-03-01

[4.0.0] - 2024-02-12

v9.2.1

What's Changed

Changes

Dependencies

Release Downloader v1.13

What's Changed

New Contributors

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v4.0.0

v3.12.0

v3.11.1

v3.11.0

v3.10.0

v3.9.0

v3.8.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants