Home Original page

ci: bump the github-actions group across 1 directory with 8 updates by dependabot[bot] · Pull Request #1435 · python-semantic-release/python-semantic-release

Bumps the github-actions group with 8 updates in the / directory:

Package From To
actions/checkout 6.0.1 6.0.2
tj-actions/changed-files 47.0.1 47.0.4
actions/download-artifact 7.0.0 8.0.0
actions/setup-python 6.1.0 6.2.0
actions/stale 10.1.1 10.2.0
actions/upload-artifact 6.0.0 7.0.0
mikepenz/action-junit-report 6.0.1 6.3.1
docker/build-push-action 6.18.0 6.19.2

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

... (truncated)

Commits
  • de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
  • 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
  • See full diff in compare view

Updates tj-actions/changed-files from 47.0.1 to 47.0.4

Release notes

Sourced from tj-actions/changed-files's releases.

v47.0.4

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.3...v47.0.4

v47.0.3

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.2...v47.0.3

v47.0.2

What's Changed

Full Changelog: tj-actions/changed-files@v47.0.1...v47.0.2

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

47.0.4 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.6 (#2801) (7dee1b0) - (Tonye Jack)

47.0.3 - (2026-02-17)

🔄 Update

  • Release-tagger action to version 6.0.0 (#2800) (28b28f6) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump github/codeql-action from 4.31.10 to 4.32.2 (#2790) (875e6e5) - (dependabot[bot])

47.0.2 - (2026-02-09)

🚀 Features

  • Add support for excluding symlinks and fix bug with commit not found (#2770) (8c4da28) - (Tonye Jack)

🐛 Bug Fixes

🔄 Update

  • Updated README.md (#2771)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (7d5bbf4) - (github-actions[bot])

  • Updated README.md (#2768)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@​users.noreply.github.com> (b3bb1f8) - (github-actions[bot])

  • Update README.md (c6a5847) - (Tonye Jack)

⚙️ Miscellaneous Tasks

  • deps: Bump actions/setup-node from 6.1.0 to 6.2.0 (#2766) (8cba46e) - (dependabot[bot])
  • deps-dev: Bump @​types/node from 25.0.0 to 25.2.2 (#2793) (925972f) - (dependabot[bot])
  • deps: Bump @​stdlib/utils-convert-path from 0.2.2 to 0.2.3 (#2795) (a98754b) - (dependabot[bot])
  • deps: Bump actions/checkout from 6.0.1 to 6.0.2 (#2777) (9c13e73) - (dependabot[bot])
  • deps-dev: Bump @​types/lodash from 4.17.21 to 4.17.23 (#2759) (16d791c) - (dependabot[bot])
  • deps-dev: Bump eslint-plugin-jest from 29.11.0 to 29.12.1 (#2756) (8e056de) - (dependabot[bot])
  • deps: Bump github/codeql-action from 4.31.7 to 4.31.10 (#2761) (078e2bc) - (dependabot[bot])
  • Update matrix-example.yml (#2752) (2f2f6cf) - (Tonye Jack)
  • Update dist (#2769) (8262acc) - (Tonye Jack)
  • deps: Bump @​actions/core from 2.0.0 to 2.0.2 (#2757) (daf9d2d) - (dependabot[bot])

... (truncated)

Commits
  • 7dee1b0 update: release-tagger action to version 6.0.6 (#2801)
  • 28b28f6 update: release-tagger action to version 6.0.0 (#2800)
  • 875e6e5 chore(deps): bump github/codeql-action from 4.31.10 to 4.32.2 (#2790)
  • 8cba46e chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 (#2766)
  • 925972f chore(deps-dev): bump @​types/node from 25.0.0 to 25.2.2 (#2793)
  • a98754b chore(deps): bump @​stdlib/utils-convert-path from 0.2.2 to 0.2.3 (#2795)
  • 9c13e73 chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#2777)
  • caee9d9 fix: Update test.yml (#2781)
  • 16d791c chore(deps-dev): bump @​types/lodash from 4.17.21 to 4.17.23 (#2759)
  • 8e056de chore(deps-dev): bump eslint-plugin-jest from 29.11.0 to 29.12.1 (#2756)
  • Additional commits viewable in compare view

Updates actions/download-artifact from 7.0.0 to 8.0.0

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • 96bf374 One more test fix
  • b8c4819 Fix skip decompress test
  • Additional commits viewable in compare view

Updates actions/setup-python from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Full Changelog: actions/setup-python@v6...v6.2.0

Commits

Updates actions/stale from 10.1.1 to 10.2.0

Release notes

Sourced from actions/stale's releases.

v10.2.0

What's Changed

Bug Fix

Dependency Updates

New Contributors

Full Changelog: actions/stale@v10...v10.2.0

Commits

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

Updates mikepenz/action-junit-report from 6.0.1 to 6.3.1

Release notes

Sourced from mikepenz/action-junit-report's releases.

v6.3.1

📦 Dependencies

  • Upgrade NPM dependencies

Contributors:

v6.3.0

🚀 Features

  • Upgrade npm dependencies to latest major versions
  • Support <error> Nodes Like <failure> in JUnit Parsing

📦 Dependencies

  • Upgrade npm dependencies to latest major versions
  • Bump minimatch from 3.1.2 to 3.1.4 in the npm_and_yarn group across 1 directory
  • build: upgrade dependencies to latest versions, including ESLint 10

Contributors:

v6.2.0

🐛 Fixes

  • Add space before test time in annotation output - FIX #1489
  • Fix: Apply transformers to FILE_NAME in check_title_template

💬 Other

  • doc: update example versions in readme
  • chore: remove globals from devDependencies

📦 Dependencies

  • Update dependencies and code changes | GitHub Dependency upgrade to 9.x

... (truncated)

Commits
  • 49b2ca0 Merge pull request #1512 from mikepenz/fix/npm-security-issues
  • 60b6198 build: fix high severity security vulnerabilities in serialize-javascript and...
  • 5e05ac0 feat: support <error> nodes like <failure> in JUnit parsing
  • e4a5c3f fix: resolve malformed XML fixture and update test expectations
  • 5c13267 Merge pull request #1511 from mikepenz/feature/dependency_upgrades_20260225
  • e35917f build: replace @​actions/glob with glob package to fix Node 24 compatibility
  • e2e0c50 build: add .npmrc to enable legacy-peer-deps for ESLint 10 compatibility
  • 99b18ab build: upgrade dependencies to latest versions, including ESLint 10
  • 4828087 Merge pull request #1510 from mikepenz/dependabot/npm_and_yarn/npm_and_yarn-c...
  • 0e4454d Bump minimatch in the npm_and_yarn group across 1 directory
  • Additional commits viewable in compare view

Updates docker/build-push-action from 6.18.0 to 6.19.2

Release notes

Sourced from docker/build-push-action's releases.

v6.19.2

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits
  • 10e90e3 Merge pull request #1458 from crazy-max/git-auth-port
  • 5262538 chore: update generated content
  • cd130e4 preserve port in GIT_AUTH_TOKEN host
  • 806c751 Merge pull request #1452 from crazy-max/update-yarn
  • 601a80b Merge pull request #1456 from crazy-max/auth-token-dyn-host
  • 8f7fd7c chore: update generated content
  • 710e335 derive GIT_AUTH_TOKEN host from GitHub server URL
  • c4ca848 update yarn to 4.9.2
  • ee4ca42 Merge pull request #1398 from docker/dependabot/npm_and_yarn/tmp-0.2.4
  • f1b3bb5 chore: update generated content
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions