Skip to content

chore(deps): Bump the actions group with 6 updates#1

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-9226f53344
Open

chore(deps): Bump the actions group with 6 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-9226f53344

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 8, 2026

Copy link
Copy Markdown

Bumps the actions group with 6 updates:

Package From To
dorny/paths-filter 3 4
DavidAnson/markdownlint-cli2-action 16 24
actions/setup-python 5 6
googleapis/release-please-action 4 5
gitleaks/gitleaks-action 2 3
anchore/scan-action 4 7

Updates dorny/paths-filter from 3 to 4

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3...v3.0.3

v3.0.2

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3...v3.0.2

v3.0.1

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v3...v3.0.1

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.2

v4.0.1

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.1

v2.11.0

v2.10.2

v2.10.1

v2.10.0

v2.9.3

... (truncated)

Commits
  • 7b450ff docs: update changelog for v4.0.2 (#318)
  • 9280377 fix: work around git dubious ownership errors in container jobs (#317)
  • f3ceefd fix: use rev-parse instead of branch --show-current for older git compat (#303)
  • 61f87a1 chore: fix GitHub spelling in logs (#278)
  • b82ff81 fix warning message (#282)
  • fbd0ab8 feat: add merge_group event support
  • efb1da7 feat: add dist/ freshness check to PR workflow
  • d8f7b06 Merge pull request #302 from dorny/issue-299
  • addbc14 Update README for v4
  • 9d7afb8 Update CHANGELOG for v4.0.0
  • Additional commits viewable in compare view

Updates DavidAnson/markdownlint-cli2-action from 16 to 24

Release notes

Sourced from DavidAnson/markdownlint-cli2-action's releases.

Update markdownlint-cli2 version (markdownlint-cli2 v0.23.0, markdownlint v0.41.0).

No release notes provided.

Add package-lock.json.

No release notes provided.

Update markdownlint-cli2 version (markdownlint-cli2 v0.22.1, markdownlint v0.40.0).

No release notes provided.

Update markdownlint-cli2 version (markdownlint-cli2 v0.22.0, markdownlint v0.40.0), update Node.js dependency to 24.

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.20.0, markdownlint v0.40.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.19.0, markdownlint v0.39.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.18.1, markdownlint v0.38.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.17.2, markdownlint v0.37.4).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.17.0, markdownlint v0.37.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.15.0, markdownlint v0.36.1).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.14.0, markdownlint v0.35.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.13.0, markdownlint v0.34.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.12.1, markdownlint v0.33.0).

Update markdownlint version (markdownlint-cli2 v0.11.0, markdownlint v0.32.1), remove deprecated "command" input.

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.10.0, markdownlint v0.31.1).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.9.2, markdownlint v0.30.0).

No release notes provided.

Update markdownlint version (markdownlint-cli2 v0.8.1, markdownlint v0.29.0), add "config" and "fix" inputs, deprecate "command" input.

No release notes provided.

... (truncated)

Commits
  • 8de2aa0 Update to version 24.0.0.
  • 982cff1 Freshen generated package-lock.json file.
  • 2e007a0 Freshen generated index.js file.
  • b25b041 Freshen generated index.js file.
  • d9ad570 Bump markdownlint-cli2 from 0.22.1 to 0.23.0
  • 2d0ebec Address new lint error from previous commit, freshen generated index.js file.
  • fcff116 Bump eslint-plugin-unicorn from 66.0.0 to 68.0.0
  • 7c80680 Bump actions/checkout from 6 to 7
  • 501326c Freshen generated index.js file.
  • 2bfaeca Address new lint error from previous commit, freshen generated index.js file.
  • Additional commits viewable in compare view

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits

Updates googleapis/release-please-action from 4 to 5

Release notes

Sourced from googleapis/release-please-action's releases.

v5.0.0

5.0.0 (2026-04-22)

⚠ BREAKING CHANGES

  • upgrade to node24 (#1188)

Features

Bug Fixes

  • bump release-please from 17.3.0 to 17.6.0 (#1199) (f533c26)

v4.4.1

4.4.1 (2026-02-20)

Bug Fixes

  • bump release-please from 17.1.3 to 17.3.0 (#1183) (ef9c274)

v4.4.0

4.4.0 (2025-10-09)

Features

  • add ability to select versioning-strategy and release-as (#1121) (ee0f5ba)

Bug Fixes

  • changelog-host parameter ignored when using manifest configuration (#1151) (535c413)
  • bump mocha from 11.7.1 to 11.7.2 in the npm_and_yarn group across 1 directory (#1149) (3612a99)
  • bump release-please from 17.1.2 to 17.1.3 (#1158) (66fbfe9)

v4.3.0

4.3.0 (2025-08-20)

Features

  • deps: update release-please to 17.1.2 (f07192c)

v4.2.0

4.2.0 (2025-03-07)

... (truncated)

Changelog

Sourced from googleapis/release-please-action's changelog.

4.1.1 (2024-05-14)

Bug Fixes

  • bump release-please from 16.10.0 to 16.10.2 (#969) (aa764e0)
  • bump the npm_and_yarn group with 1 update (#967) (ce529d4)

4.1.0 (2024-03-11)

Features

  • add changelog-host input to action.yml (#948) (863b06f)

4.0.3 (2024-03-11)

Bug Fixes

  • bump release-please from 16.5.0 to 16.10.0 (#953) (d7e88e0)

4.0.2 (2023-12-18)

Bug Fixes

4.0.1 (2023-12-07)

Bug Fixes

  • bump release-please from 16.3.1 to 16.4.0 (#897) (2463dad)

4.0.0 (2023-12-01)

⚠ BREAKING CHANGES

  • remove most configuration options in favor of manifest configuration to configure the release-please-action
  • rewrite in typescript
  • remove command option in favor of setting release-type and skip-github-release/skip-github-pull-request
  • run on node20
  • deps: upgrade release-please to v16
  • v4 release

Features

... (truncated)

Commits

Updates gitleaks/gitleaks-action from 2 to 3

Release notes

Sourced from gitleaks/gitleaks-action's releases.

v3.0.0

What's changed

gitleaks-action v3 migrates the runtime from Node 20 to Node 24. No changes to inputs, outputs, or behavior. Update your workflow from gitleaks/gitleaks-action@v2 to gitleaks/gitleaks-action@v3.

Migration

# Before
- uses: gitleaks/gitleaks-action@v2
After

uses: gitleaks/gitleaks-action@v3

Why

GitHub is deprecating the Node 20 runtime for Actions:

  • June 2, 2026: GitHub flips the runner default to Node 24. Workflows using gitleaks-action@v2 (Node 20) will still run, but only if ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true is set as an environment variable.
  • September 16, 2026: Node 20 is removed from GitHub-hosted runners entirely. gitleaks-action@v2 stops working regardless of any opt-out flag.

Changes

  • action.yml: runtime node20node24
  • @actions/core: 1.10.0 → 1.11.1
  • dist/ rebuilt
  • Example workflows updated to actions/checkout@v6 and gitleaks-action@v3
  • README updated with v3 migration guide

Self-hosted runners

If you use self-hosted runners, ensure your runner version is >= v2.327.1 (required for Node 24 support).

v2.3.9

What's Changed

Full Changelog: gitleaks/gitleaks-action@v2.3.8...v2.3.9

v2.3.8

What's Changed

New Contributors

Full Changelog: gitleaks/gitleaks-action@v2.3.7...v2.3.8

... (truncated)

Commits

Updates anchore/scan-action from 4 to 7

Release notes

Sourced from anchore/scan-action's releases.

v7.0.0

New in scan-action v7.0.0

  • chore(deps): update Grype to v0.100.0 (#516)

v6.5.1

New in scan-action v6.5.1

  • Update Grype to v0.97.1 (#495)

v6.5.0

New in scan-action v6.5.0

v6.4.0

New in scan-action v6.4.0

  • Update Grype to v0.95.0 (#486)
  • chore(deps-dev): bump eslint from 9.30.0 to 9.30.1 (#485)
  • chore(deps-dev): bump lint-staged from 16.1.0 to 16.1.2 (#476)
  • chore(deps-dev): bump jest from 30.0.0 to 30.0.3 (#481)
  • chore(deps-dev): bump prettier from 3.5.3 to 3.6.2 (#483)
  • chore(deps-dev): bump eslint from 9.28.0 to 9.30.0 (#484)

v6.3.0

New in scan-action v6.3.0

  • Update Grype to v0.94.0 (#470)

v6.2.0

New in scan-action v6.2.0

  • feat: update Scan action to use grype db v6 (#462) [spiffcs]

v6.1.0

New in scan-action v6.1.0

v6.0.0

New in scan-action v6.0.0

Breaking Change

  • feat: add output-file option, default to random directory output in temp (#346) [kzantow]

The action no longer generates files in your working directory by default, instead you should use the action outputs: ${{ steps.<id>.outputs.sarif }} where the <id> needs to match the id you configured to reference the scan-action, e.g.:

</tr></table> 

... (truncated)

Commits
  • e116508 chore: bump fast-xml-parser from 5.5.6 to 5.5.7 + setup-node (#631)
  • 382a23a chore(deps): update Grype to v0.110.0 (#618)
  • 2898213 chore: update to node 24 (#629)
  • 4e1eb5b chore: update to modules and bump all deps (required for new @​actions librari...
  • 8ed60d1 chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#617)
  • 5a271d2 chore(deps-dev): bump lint-staged from 16.3.1 to 16.3.2 (#619)
  • 6d37af2 chore(deps-dev): bump jest from 30.2.0 to 30.3.0 (#625)
  • 50a8160 chore(deps-dev): bump tar from 7.5.10 to 7.5.11 (#620)
  • daeb723 chore(deps): bump undici from 6.23.0 to 6.24.1 (#622)
  • 6471a7e chore(deps): bump fast-xml-parser from 5.3.6 to 5.5.6 (#626)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3` | `4` |
| [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) | `16` | `24` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` |
| [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4` | `5` |
| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2` | `3` |
| [anchore/scan-action](https://github.com/anchore/scan-action) | `4` | `7` |


Updates `dorny/paths-filter` from 3 to 4
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@v3...v4)

Updates `DavidAnson/markdownlint-cli2-action` from 16 to 24
- [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases)
- [Commits](DavidAnson/markdownlint-cli2-action@v16...v24)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `googleapis/release-please-action` from 4 to 5
- [Release notes](https://github.com/googleapis/release-please-action/releases)
- [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md)
- [Commits](googleapis/release-please-action@v4...v5)

Updates `gitleaks/gitleaks-action` from 2 to 3
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@v2...v3)

Updates `anchore/scan-action` from 4 to 7
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/RELEASE.md)
- [Commits](anchore/scan-action@v4...v7)

---
updated-dependencies:
- dependency-name: dorny/paths-filter
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: DavidAnson/markdownlint-cli2-action
  dependency-version: '24'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: googleapis/release-please-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: gitleaks/gitleaks-action
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: anchore/scan-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants