Skip to content

Bump the github-actions group with 5 updates #2547

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 1, 2025
Merged

Bump the github-actions group with 5 updates #2547

merged 1 commit into from
Oct 1, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2025

Bumps the github-actions group with 5 updates:

Package From To
actions/cache 4.2.4 4.3.0
actions/stale 9.1.0 10.0.0
actions/labeler 5.0.0 6.0.1
ossf/scorecard-action 2.4.2 2.4.3
github/codeql-action 3.29.11 3.30.5

Updates actions/cache from 4.2.4 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/cache@v4...v4.3.0

Changelog

Sourced from actions/cache's changelog.

Releases

4.3.0

  • Bump @actions/cache to v4.1.0

4.2.4

  • Bump @actions/cache to v4.0.5

4.2.3

  • Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

  • Bump @actions/cache to v4.0.2

4.2.1

  • Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

  • Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
  • Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

  • Restore original behavior of cache-hit output - #1467

4.1.0

  • Ensure cache-hit output is set when a cache is missed - #1404
  • Deprecate save-always input - #1452

... (truncated)

Commits
  • 0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
  • 4f5ea67 Update licensed cache
  • 9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
  • 638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
  • 3862dcc Add note on runner versions
  • See full diff in compare view

Updates actions/stale from 9.1.0 to 10.0.0

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: actions/stale@v9...v10.0.0

Commits

Updates actions/labeler from 5.0.0 to 6.0.1

Release notes

Sourced from actions/labeler's releases.

v6.0.1

What's Changed

New Contributors

Full Changelog: actions/labeler@v6.0.0...v6.0.1

v6.0.0

What's Changed

Breaking Changes

Dependency Upgrades

Documentation changes

... (truncated)

Commits

Updates ossf/scorecard-action from 2.4.2 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

Other

New Contributors

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

Commits
  • 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
  • 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
  • 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
  • 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
  • 92083b5 📖 Fix recommended command to test the image in development (#1583)
  • 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
  • 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
  • 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
  • c3f1350 🌱 Improve printing options (#1584)
  • 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
  • Additional commits viewable in compare view

Updates github/codeql-action from 3.29.11 to 3.30.5

Release notes

Sourced from github/codeql-action's releases.

v3.30.5

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

See the full CHANGELOG.md for more information.

v3.30.4

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

See the full CHANGELOG.md for more information.

v3.30.3

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.3 - 10 Sep 2025

No user facing changes.

See the full CHANGELOG.md for more information.

v3.30.2

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

See the full CHANGELOG.md for more information.

v3.30.1

CodeQL Action Changelog

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

3.30.5 - 26 Sep 2025

  • We fixed a bug that was introduced in 3.30.4 with upload-sarif which resulted in files without a .sarif extension not getting uploaded. #3160

3.30.4 - 25 Sep 2025

  • We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the codeql-action/init step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the codeql-action/init step. #3099 and #3100
  • We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. #3107
  • You can now run the latest CodeQL nightly bundle by passing tools: nightly to the init action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. #3130
  • Update default CodeQL bundle version to 2.23.1. #3118

3.30.3 - 10 Sep 2025

No user facing changes.

3.30.2 - 09 Sep 2025

  • Fixed a bug which could cause language autodetection to fail. #3084
  • Experimental: The quality-queries input that was added in 3.29.2 as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new analysis-kinds input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. #3064

3.30.1 - 05 Sep 2025

  • Update default CodeQL bundle version to 2.23.0. #3077

3.30.0 - 01 Sep 2025

  • Reduce the size of the CodeQL Action, speeding up workflows by approximately 4 seconds. #3054

3.29.11 - 21 Aug 2025

  • Update default CodeQL bundle version to 2.22.4. #3044

3.29.10 - 18 Aug 2025

No user facing changes.

3.29.9 - 12 Aug 2025

No user facing changes.

3.29.8 - 08 Aug 2025

... (truncated)

Commits
  • 3599b3b Merge pull request #3161 from github/update-v3.30.5-0a67bd46a
  • 2ca0085 Update changelog for v3.30.5
  • 0a67bd4 Merge pull request #3160 from github/mbg/fix/upload-sarif
  • 8e34f2f Add changelog
  • 0b7fc56 Fix upload-sarif not uploading non-.sarif files
  • 94a9b7a Merge pull request #3155 from github/mbg/node/no-install-in-actions
  • a0ae9ba Log what the script is doing
  • b27a8ef Exit if running in an Actions workflow
  • 6592567 Merge pull request #3139 from github/henrymercer/fix-log-message
  • fa64a7d Merge pull request #3154 from github/mbg/node/check-up-to-date-deps
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-actions group with 5 updates
54ac626 
Bumps the github-actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/cache](https://github.com/actions/cache) | `4.2.4` | `4.3.0` |
| [actions/stale](https://github.com/actions/stale) | `9.1.0` | `10.0.0` |
| [actions/labeler](https://github.com/actions/labeler) | `5.0.0` | `6.0.1` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.11` | `3.30.5` |


Updates `actions/cache` from 4.2.4 to 4.3.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@0400d5f...0057852)

Updates `actions/stale` from 9.1.0 to 10.0.0
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@5bef64f...3a9db7e)

Updates `actions/labeler` from 5.0.0 to 6.0.1
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](actions/labeler@8558fd7...634933e)

Updates `ossf/scorecard-action` from 2.4.2 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@05b42c6...4eaacf0)

Updates `github/codeql-action` from 3.29.11 to 3.30.5
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@3c3833e...3599b3b)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 4.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/labeler
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: 3.30.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the autosubmit label Oct 1, 2025
@github-actions github-actions bot added the type-infra A repository infrastructure change or enhancement label Oct 1, 2025
@github-actions
Copy link

github-actions bot commented Oct 1, 2025

PR Health

Changelog Entry ✔️
Package Changed Files

Changes to files need to be accounted for in their respective changelogs.

This check can be disabled by tagging the PR with skip-changelog-check.

@auto-submit auto-submit bot merged commit a16f149 into master Oct 1, 2025
66 checks passed
@auto-submit auto-submit bot deleted the dependabot/github_actions/github-actions-524f7b5547 branch October 1, 2025 03:14
copybara-service bot pushed a commit to dart-lang/sdk that referenced this pull request Oct 1, 2025
@devoncarew
[deps] rev ai, http, i18n, shelf, test, tools, vector_math, web, webk…
d6b1270 
…it_inspection_protocol

Revisions updated by `dart tools/rev_sdk_deps.dart`.

ai (https://github.com/dart-lang/ai/compare/901e2ce..ec5d6aa):
  ec5d6aa  2025-10-01  dependabot[bot]  Bump the github-actions group with 2 updates (dart-lang/ai#288)

http (https://github.com/dart-lang/http/compare/e0dadd1..2c53fa3):
  2c53fa3  2025-10-01  dependabot[bot]  Bump the github-actions group with 3 updates (dart-lang/http#1828)
  1b5103f  2025-10-01  Alex Li  [cronet_http] Upgrade `cronet-embedded` dependency version to support 16 KB page sizes (dart-lang/http#1824)
  f701e93  2025-09-29  Brian Quinlan  Remove obsolete TODO comment (dart-lang/http#1816)

i18n (https://github.com/dart-lang/i18n/compare/09627d2..34d1832):
  34d1832b  2025-10-01  Moritz  Fix casemapping on web (dart-lang/i18n#1013)
  914b0178  2025-10-01  dependabot[bot]  Bump actions/labeler from 5.0.0 to 6.0.1 in the github-actions group (dart-lang/i18n#1014)
  f171926e  2025-09-19  Moritz  Upgrade SDK in package:intl_translation (dart-lang/i18n#983)

shelf (https://github.com/dart-lang/shelf/compare/de91a5b..f30d650):
  f30d650  2025-10-01  dependabot[bot]  Bump the github-actions group with 3 updates (dart-lang/shelf#483)

test (https://github.com/dart-lang/test/compare/b99d556..a16f149):
  a16f1497  2025-10-01  dependabot[bot]  Bump the github-actions group with 5 updates (dart-lang/test#2547)

tools (https://github.com/dart-lang/tools/compare/2ef298e..19f91a0):
  19f91a03  2025-10-01  Morgan :)  Run file watcher symlink tests. (dart-lang/tools#2189)
  7929379b  2025-10-01  Morgan :)  Add test coverage for file watcher and symlinks. (dart-lang/tools#2178)
  d0e3edd1  2025-09-30  Morgan :)  Fix file watcher startup race on MacOS (dart-lang/tools#2176)
  36cefcee  2025-10-01  dependabot[bot]  Bump the github-actions group with 5 updates (dart-lang/tools#2188)
  08db1688  2025-10-01  Aleksey Garbarev  Fixing structure issue of nested lists indented by tabs (`#2172`) (dart-lang/tools#2173)
  16276f53  2025-09-30  Parker Lougheed  [markdown] Simplify deindentation logic for fenced code block lines (dart-lang/tools#2187)

vector_math (https://github.com/google/vector_math.dart/compare/3939545..a7b7e9c):
  a7b7e9c  2025-10-01  dependabot[bot]  Bump the github-actions group with 2 updates (google/vector_math.dart#352)

web (https://github.com/dart-lang/web/compare/0baaea4..816abcc):
  816abcc  2025-10-01  dependabot[bot]  Bump the github-actions group with 2 updates (dart-lang/web#473)

webkit_inspection_protocol (https://github.com/google/webkit_inspection_protocol.dart/compare/effa752..0f76858):
  0f76858  2025-10-01  dependabot[bot]  Bump the github-actions group across 1 directory with 3 updates (google/webkit_inspection_protocol.dart#135)

Change-Id: Id2cf6c1142aece53d531ca46122bb36a0fa2a34b
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/452902
Commit-Queue: Devon Carew <devoncarew@google.com>
Reviewed-by: Konstantin Shcheglov <scheglov@google.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fluttergithubbot fluttergithubbot fluttergithubbot approved these changes

Assignees

No one assigned

Labels

autosubmit type-infra A repository infrastructure change or enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fluttergithubbot