ci(deps): bump the github-actions group across 1 directory with 24 updates by dependabot[bot] · Pull Request #86 · inferadb/engine

dependabot · 2026-04-27T10:37:37Z

Bumps the github-actions group with 24 updates in the /.github/workflows directory:

Package	From	To
step-security/harden-runner	`2.13.3`	`2.19.0`
actions/checkout	`4.2.2`	`6.0.2`
step-security/mise-action	`3.4.1`	`4.0.1`
step-security/rust-cache	`2.8.2`	`2.9.1`
benchmark-action/github-action-benchmark	`1.20.7`	`1.22.0`
step-security/action-gh-release	`2.5.0`	`2.6.1`
mozilla-actions/sccache-action	`0.0.9`	`0.0.10`
step-security/setup-buildx-action	`3.11.1`	`4.0.0`
step-security/docker-login-action	`3.6.0`	`4.1.0`
docker/metadata-action	`5.7.0`	`6.0.0`
step-security/docker-build-push-action	`6.18.0`	`7.1.0`
actions/upload-artifact	`4.6.2`	`7.0.1`
actions/download-artifact	`4.3.0`	`8.0.1`
anchore/sbom-action	`0.20.0`	`0.24.0`
step-security/action-semantic-pull-request	`6.1.1`	`6.1.2`
step-security/paths-filter	`3.0.5`	`4.0.1`
taiki-e/install-action	`2.67.18`	`2.75.22`
actions/cache	`4.2.2`	`5.0.5`
step-security/publish-unit-test-result-action	`2.21.1`	`2.23.0`
codecov/codecov-action	`5.5.2`	`6.0.0`
github/codeql-action	`3.28.18`	`4.35.2`
aquasecurity/trivy-action	`0.31.0`	`0.36.0`
googleapis/release-please-action	`4.4.0`	`5.0.0`
actions/dependency-review-action	`4.8.2`	`4.9.0`

Updates step-security/harden-runner from 2.13.3 to 2.19.0

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.

System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

Full Changelog: step-security/harden-runner@v2.18.0...v2.19.0

v2.18.0

What's Changed

Global Block List: During supply chain incidents like the recent axios and trivy compromises, StepSecurity will add known malicious domains and IP addresses (IOCs) to a global block list. These will be automatically blocked, even in audit mode, providing immediate protection without requiring any workflow changes.

Deploy on Self-Hosted VM: Added deploy-on-self-hosted-vm input that allows the Harden Runner agent to be installed directly on ephemeral self-hosted Linux runner VMs at workflow runtime. This is intended as an alternative when baking the agent into the VM image is not possible.

Full Changelog: step-security/harden-runner@v2.17.0...v2.18.0

v2.17.0

What's Changed

Policy Store Support

Added use-policy-store and api-key inputs to fetch security policies directly from the StepSecurity Policy Store. Policies can be defined and attached at the workflow, repo, org, or cluster (ARC) level, with the most granular policy taking precedence. This is the preferred method over the existing policy input which requires id-token: write permission. If no policy is found in the store, the action defaults to audit mode.

Full Changelog: step-security/harden-runner@v2.16.1...v2.17.0

v2.16.1

What's Changed

Enterprise tier: Added support for direct IP addresses in the allow list Community tier: Migrated Harden Runner telemetry to a new endpoint

Full Changelog: step-security/harden-runner@v2.16.0...v2.16.1

v2.16.0

What's Changed

Updated action.yml to use node24

Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS over HTTPS (DoH) by proxying DNS queries through a permitted resolver, allowing data exfiltration even with a restrictive allowed-endpoints list. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-46g3-37rh-v698 for details.

Security fix: Fixed a medium severity vulnerability where the egress block policy could be bypassed via DNS queries over TCP to external resolvers, allowing outbound network communication that evades configured network restrictions. This issue only affects the Community Tier; the Enterprise Tier is not affected. See GHSA-g699-3x6g-wm3g for details.

Full Changelog: step-security/harden-runner@v2.15.1...v2.16.0

v2.15.1

What's Changed

Fixes step-security/harden-runner#642 bug due to which post step was failing on Windows ARM runners

Updates npm packages

... (truncated)

Commits

8d3c67d Release v2.19.0 (#661)
6c3c2f2 Feature/deploy on self hosted vm (#658)
f808768 Feature/policy store (#656)
fe10465 v2.16.1 (#654)
fa2e9d6 Release v2.16.0 (#646)
58077d3 Release v2.15.1 (#641)
a90bcbc Update readme (#637)
f0a59d8 Release v2.15.0 (#639)
5ef0c07 Merge pull request #635 from step-security/rc-34
eb43c7b update agent
Additional commits viewable in compare view

Updates actions/checkout from 4.2.2 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @TingluoHuang in actions/checkout#2355

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Update all references from v5 and v4 to v6 by @ericsciple in actions/checkout#2314

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

Clarify v6 README by @ericsciple in actions/checkout#2328

Full Changelog: actions/checkout@v6...v6.0.1

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates step-security/mise-action from 3.4.1 to 4.0.1

Release notes

Sourced from step-security/mise-action's releases.

v4.0.1

What's Changed

chore: Cherry-picked changes from upstream by @amanstep in step-security/mise-action#205

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#207

fix: Security updates by @github-actions[bot] in step-security/mise-action#208

Full Changelog: step-security/mise-action@v3...v4.0.1

v3.6.2

What's Changed

fix: Security updates by @github-actions[bot] in step-security/mise-action#196

fix: Security updates by @github-actions[bot] in step-security/mise-action#197

fix: Security updates by @github-actions[bot] in step-security/mise-action#198

fix: Security updates by @github-actions[bot] in step-security/mise-action#199

fix: upgraded deps to fix vulnerabilities by @Raj-StepSecurity in step-security/mise-action#200

fix: Security updates by @github-actions[bot] in step-security/mise-action#201

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/mise-action#202

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#203

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#204

Full Changelog: step-security/mise-action@v3...v3.6.2

v3.6.1

What's Changed

fix: Security updates by @github-actions[bot] in step-security/mise-action#190

fix: remove husky by @Raj-StepSecurity in step-security/mise-action#192

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#191

fix: Security updates by @github-actions[bot] in step-security/mise-action#193

chore: Cherry-picked changes from upstream by @Raj-StepSecurity in step-security/mise-action#195

Full Changelog: step-security/mise-action@v3...v3.6.1

v3.5.1

What's Changed

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#188

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#189

Full Changelog: step-security/mise-action@v3...v3.5.1

Commits

c7396e2 Merge pull request #208 from step-security/npm-audit-fix
b9722aa fix: apply audit fixes
6b3a113 fix: apply audit fixes
b8ed6bc fix: apply audit fixes
d25d72b fix: apply audit fixes
9e6e870 Merge pull request #207 from step-security/auto-cherry-pick
343774c chore: cherry-picked conflicting changes
3660f92 chore: cherry-picked conflicting changes
d1a0b66 fix: apply code build script
77dca75 fix: apply code build script
Additional commits viewable in compare view

Updates step-security/rust-cache from 2.8.2 to 2.9.1

Release notes

Sourced from step-security/rust-cache's releases.

v2.9.1

What's Changed

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/rust-cache#280

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/rust-cache#281

fix: test vulns fixed by @Raj-StepSecurity in step-security/rust-cache#279

Full Changelog: step-security/rust-cache@v2...v2.9.1

v2.8.4

What's Changed

[StepSecurity] Apply security best practices by @stepsecurity-app[bot] in step-security/rust-cache#265

fix: Security updates by @github-actions[bot] in step-security/rust-cache#267

fix: Security updates by @github-actions[bot] in step-security/rust-cache#269

fix: Security updates by @github-actions[bot] in step-security/rust-cache#270

fix: Security updates by @github-actions[bot] in step-security/rust-cache#271

fix: Security updates by @github-actions[bot] in step-security/rust-cache#272

fix: Security updates by @github-actions[bot] in step-security/rust-cache#273

fix: Security updates by @github-actions[bot] in step-security/rust-cache#274

fix: upgrade packages to fix vulnerabilities by @Raj-StepSecurity in step-security/rust-cache#275

fix: Security updates by @github-actions[bot] in step-security/rust-cache#276

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/rust-cache#277

fix: Security updates by @github-actions[bot] in step-security/rust-cache#278

New Contributors

@stepsecurity-app[bot] made their first contribution in step-security/rust-cache#265

Full Changelog: step-security/rust-cache@v2...v2.8.4

v2.8.3

What's Changed

fix: added test vulns to osv scanner by @Raj-StepSecurity in step-security/rust-cache#251

ci: reduce workflow test cases by @Raj-StepSecurity in step-security/rust-cache#259

fix: Security updates by @github-actions[bot] in step-security/rust-cache#263

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/rust-cache#262

ci: Update multi-job-cache.yml by @Raj-StepSecurity in step-security/rust-cache#264

fix: Security updates by @github-actions[bot] in step-security/rust-cache#266

Full Changelog: step-security/rust-cache@v2...v2.8.3

Commits

851174d fix: test vulns fixed (#279)
f0d17cd Merge branch 'main' into fix/test-vulnerabilities-fixed
90bb4a5 chore: Cherry-picked changes from upstream (#281)
595123a Merge pull request #280 from step-security/auto-cherry-pick
b1072eb conflicted commits cherry-picked
374bbf5 fix: apply code build script
dd5ecff fix: apply code build script
7791ac0 Compare case-insenitively for full cache key match (#303)
49df1bd Consider all installed toolchains in cache key (#293)
84286e5 Consider all installed toolchains in cache key (#293)
Additional commits viewable in compare view

Updates benchmark-action/github-action-benchmark from 1.20.7 to 1.22.0

Release notes

Sourced from benchmark-action/github-action-benchmark's releases.

v1.22.0

chore bump node to 24 (#339)

Full Changelog: benchmark-action/github-action-benchmark@v1.21.0...v1.22.0

v1.21.0

fix include package name for duplicate bench names (#330)

fix avoid duplicate package suffix in Go benchmarks (#337)

Full Changelog: benchmark-action/github-action-benchmark@v1.20.7...v1.21.0

Changelog

Sourced from benchmark-action/github-action-benchmark's changelog.

Unreleased

v1.22.0 - 31 Mar 2026

chore bump node to 24 (#339)

v1.21.0 - 02 Mar 2026

fix include package name for duplicate bench names (#330)

fix avoid duplicate package suffix in Go benchmarks (#337)

v1.20.7 - 06 Sep 2025

fix improve parsing for custom benchmarks (#323)

v1.20.5 - 02 Sep 2025

feat allow to parse generic cargo bench/criterion units (#280)

fix add summary even when failure threshold is surpassed (#285)

fix time units are not normalized (#318)

v1.20.4 - 23 Oct 2024

feat add typings and validation workflow (#257)

v1.20.3 - 19 May 2024

fix Catch2 v.3.5.0 changed output format (#247)

v1.20.2 - 19 May 2024

fix Support sub-nanosecond precision on Cargo benchmarks (#246)

v1.20.1 - 02 Apr 2024

fix release script

v1.20.0 - 02 Apr 2024

fix Rust benchmarks not comparing to baseline (#235)

feat Comment on PR and auto update comment (#223)

v1.19.3 - 02 Feb 2024

fix ratio is NaN when previous value is 0. Now, print 1 when both values are 0 and +-∞ when divisor is 0 (#222)

fix action hangs in some cases for go fiber benchmarks (#225)

v1.19.2 - 26 Jan 2024

fix markdown rendering for summary is broken (#218)

... (truncated)

Commits

a60cea5 release v1.22.0
a7bc236 release v1.21.0
See full diff in compare view

Updates step-security/action-gh-release from 2.5.0 to 2.6.1

Release notes

Sourced from step-security/action-gh-release's releases.

v2.6.1

What's Changed

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#67

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#68

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#69

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#70

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#71

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#72

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/action-gh-release#73

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/action-gh-release#74

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/action-gh-release#75

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/action-gh-release#76

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/action-gh-release#77

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#78

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/action-gh-release#79

Full Changelog: step-security/action-gh-release@v2...v2.6.1

Commits

dc29ef0 Merge pull request #79 from step-security/feat/update-subscription-check
2d33635 code formatted
41654ba feat: added banner and update subscription check to make maintained actions f...
22d0246 Merge pull request #78 from step-security/npm-audit-fix
2863adf fix: apply audit fixes
46527ac Merge pull request #77 from step-security/auto-cherry-pick
6b538bc package version upgraded
238aea5 fix: apply code build script
2d13517 fix: preserve discussion category when publishing releases (#765)
eb2ecd2 fix: preserve discussion category when publishing releases (#765)
Additional commits viewable in compare view

Updates mozilla-actions/sccache-action from 0.0.9 to 0.0.10

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.10

What's Changed

Use tar on all platforms by @brianmichel in Mozilla-Actions/sccache-action#193

Bump eslint-plugin-prettier from 5.2.3 to 5.2.5 by @dependabot[bot] in Mozilla-Actions/sccache-action#196

Bump typescript from 5.7.2 to 5.8.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#195

Bump @types/node from 22.13.0 to 22.13.17 by @dependabot[bot] in Mozilla-Actions/sccache-action#194

Bump undici from 5.28.5 to 5.29.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#204

Bump eslint-config-prettier from 9.1.0 to 10.1.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#201

Bump ts-jest from 29.2.6 to 29.3.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#200

Bump eslint-plugin-prettier from 5.2.5 to 5.5.4 by @dependabot[bot] in Mozilla-Actions/sccache-action#221

Bump eslint-config-prettier from 10.1.2 to 10.1.8 by @dependabot[bot] in Mozilla-Actions/sccache-action#214

Bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in Mozilla-Actions/sccache-action#220

Add job id to annotation title by @wetheredge in Mozilla-Actions/sccache-action#212

Bump @actions/io from 1.1.3 to 2.0.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#228

Bump eslint-plugin-import from 2.31.0 to 2.32.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#227

Bump actions/setup-node from 5 to 6 in the github-actions group by @dependabot[bot] in Mozilla-Actions/sccache-action#226

Bump @actions/github from 6.0.0 to 6.0.1 by @dependabot[bot] in Mozilla-Actions/sccache-action#233

Bump minimatch by @dependabot[bot] in Mozilla-Actions/sccache-action#239

Bump actions/checkout from 5 to 6 in the github-actions group by @dependabot[bot] in Mozilla-Actions/sccache-action#232

Bump ts-jest from 29.3.2 to 29.4.6 by @dependabot[bot] in Mozilla-Actions/sccache-action#240

Bump to node24 by @cakebaker in Mozilla-Actions/sccache-action#245

Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#248

Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#249

Bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in Mozilla-Actions/sccache-action#250

Fix code block formatting in README.md by @baseplate-admin in Mozilla-Actions/sccache-action#246

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#231

prepare version 0.0.10 by @sylvestre in Mozilla-Actions/sccache-action#251

New Contributors

@brianmichel made their first contribution in Mozilla-Actions/sccache-action#193

@wetheredge made their first contribution in Mozilla-Actions/sccache-action#212

@baseplate-admin made their first contribution in Mozilla-Actions/sccache-action#246

Full Changelog: Mozilla-Actions/sccache-action@v0.0.9...v0.0.10

Commits

9e7fa8a Merge pull request #251 from sylvestre/ver
3ca012d prepare version 0.0.10
7cf1643 Merge pull request #231 from Mozilla-Actions/dependabot/npm_and_yarn/js-yaml-...
b2be802 Merge pull request #246 from baseplate-admin/patch-1
84812a5 Merge pull request #250 from Mozilla-Actions/dependabot/npm_and_yarn/handleba...
4e28318 Merge pull request #249 from Mozilla-Actions/dependabot/npm_and_yarn/picomatc...
cfa813e Merge pull request #248 from Mozilla-Actions/dependabot/npm_and_yarn/flatted-...
ef3762b Merge pull request #245 from cakebaker/bump_to_node24
919bfb6 Bump handlebars from 4.7.8 to 4.7.9
167904b Bump picomatch from 2.3.1 to 2.3.2
Additional commits viewable in compare view

Updates step-security/setup-buildx-action from 3.11.1 to 4.0.0

Release notes

Sourced from step-security/setup-buildx-action's releases.

v4.0.0

What's Changed

build(deps): bump tar from 7.5.7 to 7.5.9 by @dependabot[bot] in step-security/setup-buildx-action#27

build(deps): bump axios from 1.13.2 to 1.13.5 by @dependabot[bot] in step-security/setup-buildx-action#28

fix: upgrade packages and fix vulnerabilities by @Raj-StepSecurity in step-security/setup-buildx-action#29

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/setup-buildx-action#30

fix: added new subscription check code and banner by @amanstep in step-security/setup-buildx-action#31

New Contributors

@dependabot[bot] made their first contribution in

…dates Bumps the github-actions group with 24 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.3` | `2.19.0` | | [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `6.0.2` | | [step-security/mise-action](https://github.com/step-security/mise-action) | `3.4.1` | `4.0.1` | | [step-security/rust-cache](https://github.com/step-security/rust-cache) | `2.8.2` | `2.9.1` | | [benchmark-action/github-action-benchmark](https://github.com/benchmark-action/github-action-benchmark) | `1.20.7` | `1.22.0` | | [step-security/action-gh-release](https://github.com/step-security/action-gh-release) | `2.5.0` | `2.6.1` | | [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) | `0.0.9` | `0.0.10` | | [step-security/setup-buildx-action](https://github.com/step-security/setup-buildx-action) | `3.11.1` | `4.0.0` | | [step-security/docker-login-action](https://github.com/step-security/docker-login-action) | `3.6.0` | `4.1.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.7.0` | `6.0.0` | | [step-security/docker-build-push-action](https://github.com/step-security/docker-build-push-action) | `6.18.0` | `7.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `8.0.1` | | [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.20.0` | `0.24.0` | | [step-security/action-semantic-pull-request](https://github.com/step-security/action-semantic-pull-request) | `6.1.1` | `6.1.2` | | [step-security/paths-filter](https://github.com/step-security/paths-filter) | `3.0.5` | `4.0.1` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.67.18` | `2.75.22` | | [actions/cache](https://github.com/actions/cache) | `4.2.2` | `5.0.5` | | [step-security/publish-unit-test-result-action](https://github.com/step-security/publish-unit-test-result-action) | `2.21.1` | `2.23.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.18` | `4.35.2` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.31.0` | `0.36.0` | | [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `5.0.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.2` | `4.9.0` | Updates `step-security/harden-runner` from 2.13.3 to 2.19.0 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@v2.13.3...8d3c67d) Updates `actions/checkout` from 4.2.2 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.2.2...de0fac2) Updates `step-security/mise-action` from 3.4.1 to 4.0.1 - [Release notes](https://github.com/step-security/mise-action/releases) - [Commits](step-security/mise-action@2fa1b2b...c7396e2) Updates `step-security/rust-cache` from 2.8.2 to 2.9.1 - [Release notes](https://github.com/step-security/rust-cache/releases) - [Commits](step-security/rust-cache@v2.8.2...851174d) Updates `benchmark-action/github-action-benchmark` from 1.20.7 to 1.22.0 - [Release notes](https://github.com/benchmark-action/github-action-benchmark/releases) - [Changelog](https://github.com/benchmark-action/github-action-benchmark/blob/master/CHANGELOG.md) - [Commits](benchmark-action/github-action-benchmark@4bdcce3...a60cea5) Updates `step-security/action-gh-release` from 2.5.0 to 2.6.1 - [Release notes](https://github.com/step-security/action-gh-release/releases) - [Commits](step-security/action-gh-release@d45511d...dc29ef0) Updates `mozilla-actions/sccache-action` from 0.0.9 to 0.0.10 - [Release notes](https://github.com/mozilla-actions/sccache-action/releases) - [Commits](Mozilla-Actions/sccache-action@7d986dd...9e7fa8a) Updates `step-security/setup-buildx-action` from 3.11.1 to 4.0.0 - [Release notes](https://github.com/step-security/setup-buildx-action/releases) - [Commits](step-security/setup-buildx-action@8c8aef2...f931205) Updates `step-security/docker-login-action` from 3.6.0 to 4.1.0 - [Release notes](https://github.com/step-security/docker-login-action/releases) - [Commits](step-security/docker-login-action@c3e677a...870af64) Updates `docker/metadata-action` from 5.7.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5.7.0...030e881) Updates `step-security/docker-build-push-action` from 6.18.0 to 7.1.0 - [Release notes](https://github.com/step-security/docker-build-push-action/releases) - [Commits](step-security/docker-build-push-action@a8c3d08...846549b) Updates `actions/upload-artifact` from 4.6.2 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4.6.2...043fb46) Updates `actions/download-artifact` from 4.3.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4.3.0...3e5f45b) Updates `anchore/sbom-action` from 0.20.0 to 0.24.0 - [Release notes](https://github.com/anchore/sbom-action/releases) - [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md) - [Commits](anchore/sbom-action@v0.20.0...e22c389) Updates `step-security/action-semantic-pull-request` from 6.1.1 to 6.1.2 - [Release notes](https://github.com/step-security/action-semantic-pull-request/releases) - [Commits](step-security/action-semantic-pull-request@bc0cf74...75d2dd5) Updates `step-security/paths-filter` from 3.0.5 to 4.0.1 - [Release notes](https://github.com/step-security/paths-filter/releases) - [Commits](step-security/paths-filter@6eee183...5c5241b) Updates `taiki-e/install-action` from 2.67.18 to 2.75.22 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](taiki-e/install-action@650c5ca...cf525cb) Updates `actions/cache` from 4.2.2 to 5.0.5 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@d4323d4...27d5ce7) Updates `step-security/publish-unit-test-result-action` from 2.21.1 to 2.23.0 - [Release notes](https://github.com/step-security/publish-unit-test-result-action/releases) - [Commits](step-security/publish-unit-test-result-action@914f0f6...681100d) Updates `codecov/codecov-action` from 5.5.2 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@671740a...57e3a13) Updates `github/codeql-action` from 3.28.18 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@v3.28.18...95e58e9) Updates `aquasecurity/trivy-action` from 0.31.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@76071ef...ed142fd) Updates `googleapis/release-please-action` from 4.4.0 to 5.0.0 - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](googleapis/release-please-action@16a9c90...45996ed) Updates `actions/dependency-review-action` from 4.8.2 to 4.9.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@3c4e3dc...2031cfc) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: step-security/mise-action dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: step-security/rust-cache dependency-version: 2.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: benchmark-action/github-action-benchmark dependency-version: 1.22.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/action-gh-release dependency-version: 2.6.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: mozilla-actions/sccache-action dependency-version: 0.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: step-security/docker-login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: step-security/docker-build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: anchore/sbom-action dependency-version: 0.24.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/action-semantic-pull-request dependency-version: 6.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/paths-filter dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: taiki-e/install-action dependency-version: 2.75.22 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: step-security/publish-unit-test-result-action dependency-version: 2.23.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: googleapis/release-please-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added area/ci CI/CD area/deps Dependencies labels Apr 27, 2026

github-actions Bot added area/config Configuration and removed area/deps Dependencies labels Apr 27, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(deps): bump the github-actions group across 1 directory with 24 updates#86

ci(deps): bump the github-actions group across 1 directory with 24 updates#86
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github-actions-a58363fea7

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 27, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.19.0

What's Changed

New Runner Support

Automated Incident Response for Supply Chain Attacks

Bug Fixes

v2.18.0

What's Changed

v2.17.0

What's Changed

Policy Store Support

v2.16.1

What's Changed

v2.16.0

What's Changed

v2.15.1

What's Changed

v6.0.2

What's Changed

v6.0.1

What's Changed

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

Changelog

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.0.1

What's Changed

v3.6.2

What's Changed

v3.6.1

What's Changed

v3.5.1

What's Changed

v2.9.1

What's Changed

v2.8.4

What's Changed

New Contributors

v2.8.3

What's Changed

v1.22.0

v1.21.0

Unreleased

v1.22.0 - 31 Mar 2026

v1.21.0 - 02 Mar 2026

v1.20.7 - 06 Sep 2025

v1.20.5 - 02 Sep 2025

v1.20.4 - 23 Oct 2024

v1.20.3 - 19 May 2024

v1.20.2 - 19 May 2024

v1.20.1 - 02 Apr 2024

v1.20.0 - 02 Apr 2024

v1.19.3 - 02 Feb 2024

v1.19.2 - 26 Jan 2024

v2.6.1

What's Changed

v0.0.10

What's Changed

New Contributors

v4.0.0

dependabot Bot commented on behalf of github Apr 27, 2026 •

edited

Loading