chore(deps): bump the all group across 1 directory with 9 updates by dependabot[bot] · Pull Request #2986 · crytic/slither

dependabot · 2026-03-18T22:55:45Z

Bumps the all group with 9 updates in the / directory:

Package	From	To
cachix/install-nix-action	`31.9.0`	`31.10.1`
docker/setup-qemu-action	`3.7.0`	`4.0.0`
docker/setup-buildx-action	`3.12.0`	`4.0.0`
docker/metadata-action	`5.10.0`	`6.0.0`
docker/login-action	`3.7.0`	`4.0.0`
docker/build-push-action	`6.18.0`	`7.0.0`
actions/upload-artifact	`6.0.0`	`7.0.0`
actions/download-artifact	`7.0.0`	`8.0.1`
actions/setup-node	`6.2.0`	`6.3.0`

Updates cachix/install-nix-action from 31.9.0 to 31.10.1

Release notes

Sourced from cachix/install-nix-action's releases.

v31.10.1

What's Changed

nix: 2.34.0 -> 2.34.1 by @github-actions[bot] in cachix/install-nix-action#269 Fixes a bug introduced in 2.34.0 that made the Nix daemon fail to load authentication keys configured by cachix-action.

Full Changelog: cachix/install-nix-action@v31.10.0...v31.10.1

v31.10.0

What's Changed

nix: 2.33.3 -> 2.34.0 by @github-actions[bot] in cachix/install-nix-action#267 Release notes: https://discourse.nixos.org/t/nix-2-34-0-released/75818

⚠️ Nix 2.34.0 contains a regression that, under certain scenarios (a trusted-user + a client-side netrc-file), breaks authentication with private caches that rely on netrc files. This regression affects cachix/cachix-action.

UPD: 2.34.1 has been released with a patch for the authentication issue

Full Changelog: cachix/install-nix-action@v31.9.1...v31.10.0

v31.9.1

What's Changed

nix: 2.33.0 -> 2.33.3 by @github-actions[bot] in cachix/install-nix-action#266

Full Changelog: cachix/install-nix-action@v31...v31.9.1

Commits

1ca7d21 Merge pull request #269 from cachix/create-pull-request/patch
b613734 nix: 2.34.0 -> 2.34.1
19effe9 Merge pull request #267 from cachix/create-pull-request/patch
d3f3b99 nix: 2.33.3 -> 2.34.0
2126ae7 Merge pull request #266 from cachix/create-pull-request/patch
eb3d7b0 nix: 2.33.0 -> 2.33.3
See full diff in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.0.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.0.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/metadata-action from 5.10.0 to 6.0.0

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/metadata-action#605

List inputs now preserve # inside values while still supporting full-line # comments by @crazy-max in docker/metadata-action#607

Switch to ESM and update config/test wiring by @crazy-max in docker/metadata-action#602

Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588

Bump @actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599

Bump @actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597

Bump @docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600

Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

Commits

030e881 Merge pull request #607 from crazy-max/allow-comments
4b529ac chore: update generated content
b0082b3 preserve comments in list input values with commentNoInfix
7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
281c9b0 chore: update generated content
5f43b3b test: stabilize github mock setup since ESM
9d53276 github class moved since actions-toolkit v0.77.0
eaa3d39 chore(deps): Bump @docker/actions-toolkit from 0.68.0 to 0.77.0
6b695f7 Merge pull request #605 from crazy-max/node24
a1afadc node 24 as default runtime
Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.0.0

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits

b45d80f Merge pull request #929 from crazy-max/node24
176cb9c node 24 as default runtime
cad8984 Merge pull request #920 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
92cbcb2 chore: update generated content
5a2d6a7 build(deps): bump the aws-sdk-dependencies group with 2 updates
44512b6 Merge pull request #928 from docker/dependabot/npm_and_yarn/docker/actions-to...
28737a5 chore: update generated content
dac0793 build(deps): bump @docker/actions-toolkit from 0.76.0 to 0.77.0
62029f3 Merge pull request #919 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
08c8f06 chore: update generated content
Additional commits viewable in compare view

Updates docker/build-push-action from 6.18.0 to 7.0.0

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits

d08e5c3 Merge pull request #1479 from docker/dependabot/npm_and_yarn/docker/actions-t...
cbd2dff chore: update generated content
f76f51f chore(deps): Bump @docker/actions-toolkit from 0.78.0 to 0.79.0
7d03e66 Merge pull request #1473 from crazy-max/rm-deprecated-envs
98f853d chore: update generated content
cadccf6 remove deprecated envs
03fe877 Merge pull request #1478 from docker/dependabot/github_actions/docker/setup-b...
827e366 chore(deps): Bump docker/setup-buildx-action from 3 to 4
e25db87 Merge pull request #1474 from crazy-max/rm-export-build-tool
1ac2573 Merge pull request #1470 from crazy-max/node24
Additional commits viewable in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

bbbca2d Support direct file uploads (#764)
589182c Upgrade the module to ESM and bump dependencies (#762)
47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
02a8460 Add proxy integration test
See full diff in compare view

Updates actions/download-artifact from 7.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Support for CJK characters in the artifact name by @danwkennedy in actions/download-artifact#471

Add a regression test for artifact name + content-type mismatches by @danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Don't attempt to un-zip non-zipped downloads by @danwkennedy in actions/download-artifact#460

Add a setting to specify what to do on hash mismatch and default it to error by @danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

3e5f45b Add regression tests for CJK characters (#471)
e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
f258da9 Add change docs
ccc058e Fix linting issues
bd7976b Add a setting to specify what to do on hash mismatch and default it to error
ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
15999bf Add note about package bumps
974686e Bump the version to v8 and add release notes
fbe48b1 Update test names to make it clearer what they do
Additional commits viewable in compare view

Updates actions/setup-node from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-node's releases.

v6.3.0

What's Changed

Enhancements:

Support parsing devEngines field by @susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

Fix npm audit issues by @gowridurgad in actions/setup-node#1491

Replace uuid with crypto.randomUUID() by @trivikr in actions/setup-node#1378

Upgrade minimatch from 3.1.2 to 3.1.5 by @dependabot in actions/setup-node#1498

Bug fixes:

Remove hardcoded bearer for mirror-url @marco-ippolito in actions/setup-node#1467

Scope test lockfiles by package manager and update cache tests by @gowridurgad in actions/setup-node#1495

New Contributors

@susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

Commits

53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
54045ab Scope test lockfiles by package manager and update cache tests (#1495)
c882bff Replace uuid with crypto.randomUUID() (#1378)
774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
efcb663 fix: remove hardcoded bearer (#1467)
d02c89d Fix npm audit issues (#1491)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `31.9.0` | `31.10.1` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.18.0` | `7.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.3.0` | Updates `cachix/install-nix-action` from 31.9.0 to 31.10.1 - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md) - [Commits](cachix/install-nix-action@4e002c8...1ca7d21) Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...ce36039) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...4d04d5d) Updates `docker/metadata-action` from 5.10.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@c299e40...030e881) Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...b45d80f) Updates `docker/build-push-action` from 6.18.0 to 7.0.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@2634353...d08e5c3) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...bbbca2d) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...3e5f45b) Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@6044e13...53b8394) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-version: 31.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Mar 18, 2026

dependabot bot requested a review from elopez as a code owner March 18, 2026 22:55

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the all group across 1 directory with 9 updates#2986

chore(deps): bump the all group across 1 directory with 9 updates#2986
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/master/all-5f78a25daa

dependabot bot commented on behalf of github Mar 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 18, 2026

v31.10.1

What's Changed

v31.10.0

What's Changed

v31.9.1

What's Changed

v4.0.0

v4.0.0

v6.0.0

v4.0.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

v8.0.1

What's Changed

v8.0.0

v8 - What's new

Direct downloads

Enforced checks (breaking)

ESM

What's Changed

v6.3.0

What's Changed

Enhancements:

Dependency updates:

Bug fixes:

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants