Skip to content

chore(deps): bump the minor-and-patch group across 1 directory with 6 updates#306

Merged
phil-davis merged 1 commit into
mainfrom
dependabot/github_actions/minor-and-patch-7b5918dae0
Jun 8, 2026
Merged

chore(deps): bump the minor-and-patch group across 1 directory with 6 updates#306
phil-davis merged 1 commit into
mainfrom
dependabot/github_actions/minor-and-patch-7b5918dae0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 7, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 6 updates in the / directory:

Package From To
actions/checkout 6.0.2 6.0.3
shivammathur/setup-php 2.37.0 2.37.1
actions/cache 5.0.4 5.0.5
actions/upload-artifact 7.0.0 7.0.1
actions/setup-node 6.3.0 6.4.0
peaceiris/actions-gh-pages 4.0.0 4.1.0

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

... (truncated)

Commits

Updates shivammathur/setup-php from 2.37.0 to 2.37.1

Release notes

Sourced from shivammathur/setup-php's releases.

2.37.1

Changelog

Security Updates

[!NOTE] This can affect workflows that pass values from users or pull requests to setup-php, for example from comments, dispatch inputs, PR titles/branches, generated matrices, or files such as .php-version and composer.json. Be especially careful with pull_request_target workflows that use any value from the pull request. Workflows that only use fixed trusted values are not expected to be affected, but updating to 2.37.1 is recommended.

[!NOTE]
This only affects workflows where the composer version is pinned like composer:2.9.7, workflows that do not pin the version or use composer:v2 are not affected as those get automatic updates. In case you pin the version, it is highly recommended to upgrade and have automation to do such timely upgrades in your workflows.

Fixes and Improvements

  • Fixed support for phalcon on Windows.

  • Fixed restoring tools when using cached using previous runs.

  • Improved enabling gearman extension on Linux.

  • Fixed fallback when installing PhpManager and VcRedist modules on Windows.

  • Fixed parsing extension inputs with backslash line continuation.

  • Improved workflow examples

    • Added workflow examples for Drupal 11 composer-managed projects and WordPress plugins.
    • Added workflow examples for Yii3 web applications and replaced Yii2 Starter Kit examples.
    • Updated workflow examples to use currently supported PHP versions.

  • Updated OS release mappings for newer Ubuntu releases.

  • Updated internal workflows for Codecov v6 and NPM trusted publishing.

  • Updated Node.js dependencies.

  • Fixed composer version in README. (#1081)

Thanks @​Pyker for the contribution

For the complete list of changes, please refer to the Full Changelog

Commits

Updates actions/cache from 5.0.4 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

  • Bump @actions/cache to v5.0.3 #1692

5.0.1

  • Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates actions/setup-node from 6.3.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

New Contributors

Full Changelog: actions/setup-node@v6...v6.4.0

Commits

Updates peaceiris/actions-gh-pages from 4.0.0 to 4.1.0

Release notes

Sourced from peaceiris/actions-gh-pages's releases.

actions-github-pages v4.1.0

See CHANGELOG.md for more details.

What's Changed

New Contributors

Full Changelog: peaceiris/actions-gh-pages@v4.0.0...v4.1.0

Changelog

Sourced from peaceiris/actions-gh-pages's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

4.1.0 (2026-05-12)

chore

ci

docs

4.0.0 (2024-04-08)

build

chore

ci

docs

... (truncated)

Commits
  • 84c30a8 chore(release): 4.1.0
  • 6fa0f50 chore(release): Add build assets
  • 3b7506a chore(deps): update dependency trim-newlines to v5 (#1158)
  • aa0466c ci: harden GitHub Actions workflows (#1156)
  • 31835fb chore(deps): update actions/labeler action to v6 (#1153)
  • f4f1bc4 chore(deps): update peaceiris/actions-mdbook action to v2 (#1161)
  • a5e4979 chore(deps): update dependency ubuntu to v24 (#1159)
  • 6cc3bac chore(deps): update github/codeql-action action to v4 (#1160)
  • 0d6e9f4 chore(deps): update actions/setup-node action to v6 (#1154)
  • d70c101 chore(deps): update actions/upload-artifact action to v7 (#1155)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 7, 2026
@kw-security

kw-security commented Jun 7, 2026
edited
Loading

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@phil-davis phil-davis mentioned this pull request Jun 8, 2026
Merged
@phil-davis

phil-davis commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

ToDo: rebase after #307 is merged.

@phil-davis

phil-davis commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

@dependabot rebase

@dependabot
chore(deps): bump the minor-and-patch group across 1 directory with 6…
5b2a14b 
… updates

Bumps the minor-and-patch group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` |
| [shivammathur/setup-php](https://github.com/shivammathur/setup-php) | `2.37.0` | `2.37.1` |
| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [peaceiris/actions-gh-pages](https://github.com/peaceiris/actions-gh-pages) | `4.0.0` | `4.1.0` |



Updates `actions/checkout` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...df4cb1c)

Updates `shivammathur/setup-php` from 2.37.0 to 2.37.1
- [Release notes](https://github.com/shivammathur/setup-php/releases)
- [Commits](shivammathur/setup-php@accd612...7c071df)

Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6682284...27d5ce7)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

Updates `peaceiris/actions-gh-pages` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/peaceiris/actions-gh-pages/releases)
- [Changelog](https://github.com/peaceiris/actions-gh-pages/blob/main/CHANGELOG.md)
- [Commits](peaceiris/actions-gh-pages@4f9cc66...84c30a8)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: peaceiris/actions-gh-pages
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: shivammathur/setup-php
  dependency-version: 2.37.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/minor-and-patch-7b5918dae0 branch from e454fd3 to 5b2a14b Compare June 8, 2026 03:49
@phil-davis phil-davis merged commit f59a4b5 into main Jun 8, 2026
14 of 15 checks passed
@phil-davis phil-davis deleted the dependabot/github_actions/minor-and-patch-7b5918dae0 branch June 8, 2026 04:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@phil-davis phil-davis phil-davis approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kw-security @phil-davis