[chore] : Bump the actions group with 8 updates

[dependabot]

Bumps the actions group with 8 updates:

Package	From	To
actions/setup-go	4.1.0	5.5.0
actions/checkout	3df4ab11eba7bda6032a0b82a6bb43b11571feac	09d2acae674a48949e3602304ab46fd20ae0c42f
actions/cache	4.2.0	4.2.3
aws-actions/configure-aws-credentials	4.0.0	4.2.1
google-github-actions/auth	1.1.1	2.1.10
actions/upload-artifact	4.3.3	4.6.2
hashicorp/setup-signore	1	2
goreleaser/goreleaser-action	5.0.0	6.3.0

Updates actions/setup-go from 4.1.0 to 5.5.0

Release notes

Sourced from actions/setup-go's releases.

v5.5.0

What's Changed

Bug fixes:

• Update self-hosted environment validation by @​priyagupta108 in actions/setup-go#556
• Add manifest validation and improve error handling by @​priyagupta108 in actions/setup-go#586
• Update template link by @​jsoref in actions/setup-go#527

Dependency updates:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in actions/setup-go#574
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in actions/setup-go#573
• Upgrade ts-jest from 29.1.2 to 29.3.2 by @​dependabot in actions/setup-go#582
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot in actions/setup-go#537

New Contributors

• @​jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

v5.4.0

What's Changed

Dependency updates :

• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in actions/setup-go#535
• Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @​dependabot in actions/setup-go#536
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in actions/setup-go#568
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in actions/setup-go#541

New Contributors

• @​aparnajyothi-y made their first contribution in actions/setup-go#568

Full Changelog: actions/setup-go@v5...v5.4.0

v5.3.0

What's Changed

• Use the new cache service: upgrade @actions/cache to ^4.0.0 by @​Link- in actions/setup-go#531
• Configure Dependabot settings by @​HarithaVattikuti in actions/setup-go#530
• Document update - permission section by @​HarithaVattikuti in actions/setup-go#533
• Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in actions/setup-go#534

New Contributors

• @​Link- made their first contribution in actions/setup-go#531

Full Changelog: actions/setup-go@v5...v5.3.0

v5.2.0

What's Changed

• Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by @​Shegox in actions/setup-go#496

New Contributors

• @​Shegox made their first contribution in actions/setup-go#496

... (truncated)

Commits

• d35c59a chore: update discussions url (#527)
• 29694d7 Add manifest validation and improve error handling (#586)
• 78535dd Bump eslint-plugin-jest from 27.9.0 to 28.11.0 (#537)
• bb65d88 Bump ts-jest from 29.1.2 to 29.3.2 (#582)
• 7f17e83 Bump @​actions/glob from 0.4.0 to 0.5.0 (#573)
• dca8468 Update self-hosted environment validation and bump undici version (#556)
• 691cc35 upgrade actions/cache to 4.0.3 (#574)
• 0aaccfd Bump undici from 5.28.4 to 5.28.5 (#541)
• c4c1141 upgrade actions/cache to 4.0.2 (#568)
• 5a083d0 Bump eslint-config-prettier from 8.10.0 to 10.0.1 (#536)
• Additional commits viewable in compare view

Updates actions/checkout from 3df4ab11eba7bda6032a0b82a6bb43b11571feac to 09d2acae674a48949e3602304ab46fd20ae0c42f

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

• Check git version before attempting to disable sparse-checkout by @​jww3 in actions/checkout#1656
• Add SSH user parameter by @​cory-miller in actions/checkout#1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in actions/checkout#1650

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

... (truncated)

Commits

• 09d2aca Update README.md (#2194)
• 85e6279 Adjust positioning of user email note and permissions heading (#2044)
• 009b9ae Documentation update - add recommended permissions to Readme (#2043)
• cbb7224 Update README.md (#1977)
• 3b9b8c8 docs: update README.md (#1971)
• 11bd719 Prepare 4.2.2 Release (#1953)
• e3d2460 Expand unit test coverage (#1946)
• 163217d url-helper.ts now leverages well-known environment variables. (#1941)
• eef6144 Prepare 4.2.1 release (#1925)
• 6b42224 Add workflow file for publishing releases to immutable action package (#1919)
• Additional commits viewable in compare view

Updates actions/cache from 4.2.0 to 4.2.3

Release notes

Sourced from actions/cache's releases.

v4.2.3

What's Changed

• Update to use @​actions/cache 4.0.3 package & prepare for new release by @​salmanmkc in actions/cache#1577 (SAS tokens for cache entries are now masked in debug logs)

New Contributors

• @​salmanmkc made their first contribution in actions/cache#1577

Full Changelog: actions/cache@v4.2.2...v4.2.3

v4.2.2

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• Bump @​actions/cache to v4.0.2 by @​robherley in actions/cache#1560

Full Changelog: actions/cache@v4.2.1...v4.2.2

v4.2.1

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

• docs: GitHub is spelled incorrectly in caching-strategies.md by @​janco-absa in actions/cache#1526
• docs: Make the "always save prime numbers" example more clear by @​Tobbe in actions/cache#1525
• Update force deletion docs due a recent deprecation by @​sebbalex in actions/cache#1500
• Bump @​actions/cache to v4.0.1 by @​robherley in actions/cache#1554

New Contributors

• @​janco-absa made their first contribution in actions/cache#1526
• @​Tobbe made their first contribution in actions/cache#1525
• @​sebbalex made their first contribution in actions/cache#1500

Full Changelog: actions/cache@v4.2.0...v4.2.1

Changelog

Sourced from actions/cache's changelog.

Releases

4.2.3

• Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

• Bump @actions/cache to v4.0.2

4.2.1

• Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

• Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474
• Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

• Restore original behavior of cache-hit output - #1467

4.1.0

• Ensure cache-hit output is set when a cache is missed - #1404
• Deprecate save-always input - #1452

4.0.2

• Fixed restore fail-on-cache-miss not working.

4.0.1

• Updated isGhes check

... (truncated)

Commits

• 5a3ec84 Merge pull request #1577 from salmanmkc/salmanmkc/4-test
• 7de2102 Update releases.md
• 76d40dd Update to use the latest version of the cache package to obfuscate the SAS
• 76dd5eb update cache with main
• 8c80c27 new package
• 45cfd0e updates
• edd449b updated cache with latest changes
• 0576707 latest test before pr
• 3105dc9 update
• 9450d42 mask
• Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 4.0.0 to 4.2.1

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v4.2.1

4.2.1 (2025-05-14)

Bug Fixes

• ensure explicit inputs take precedence over environment variables (e56e6c4)
• prioritize explicit inputs over environment variables (df9c8fe)

v4.2.0

4.2.0 (2025-05-06)

Features

• add Expiration field to Outputs (a4f3267)
• Document role-duration-seconds range (5a0cf01)
• support action inputs as environment variables (#1338) (2c168ad)

Bug Fixes

• make sure action builds, also fix dependabot autoapprove (c401b8a)
• role chaning on mulitple runs (#1340) (9e38641)

v4.1.0

4.1.0 (2025-02-08)

Features

• idempotent fetch (#1289) (eb70354)

Bug Fixes

• build failure due to tests (#1283) (134d71e)
• Dependabot autoapprove (#1284) (b9ee51d)
• Dependabot autoapprove id-token write permission (#1285) (f0af89b)
• typo (#1281) (39fd91c)

v4.0.3

4.0.3 (2025-01-27)

Features

• added release-please action config (0f88004)

... (truncated)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

4.2.1 (2025-05-14)

Bug Fixes

• ensure explicit inputs take precedence over environment variables (e56e6c4)
• prioritize explicit inputs over environment variables (df9c8fe)

4.2.0 (2025-05-06)

Features

• add Expiration field to Outputs (a4f3267)
• Document role-duration-seconds range (5a0cf01)
• support action inputs as environment variables (#1338) (2c168ad)

Bug Fixes

• make sure action builds, also fix dependabot autoapprove (c401b8a)
• role chaning on mulitple runs (#1340) (9e38641)

4.1.0 (2025-02-08)

Features

• idempotent fetch (#1289) (eb70354)

Bug Fixes

• build failure due to tests (#1283) (134d71e)
• Dependabot autoapprove (#1284) (b9ee51d)
• Dependabot autoapprove id-token write permission (#1285) (f0af89b)
• typo (#1281) (39fd91c)

4.0.3 (2025-01-27)

Features

• added release-please action config (0f88004)

... (truncated)

Commits

• b475783 chore(main): release 4.2.1 (#1356)
• e56e6c4 Merge pull request #1355 from hozzer/main
• c0573b2 update dist
• df9c8fe fix: prioritize explicit inputs over environment variables
• e7aeb52 chore: Update dist
• 5188626 chore(deps): bump @​aws-sdk/client-sts from 3.803.0 to 3.808.0 (#1353)
• a7d7b78 chore: Update dist
• e10de4c chore(deps-dev): bump @​aws-sdk/credential-provider-env (#1352)
• 85f7c4c chore(deps-dev): bump @​types/node from 22.15.11 to 22.15.17 (#1351)
• f24d719 Merge pull request #1331 from aws-actions/release-please--branches--main--com...
• Additional commits viewable in compare view

Updates google-github-actions/auth from 1.1.1 to 2.1.10

Release notes

Sourced from google-github-actions/auth's releases.

v2.1.10

What's Changed

• Declare workflow permissions by @​sethvargo in google-github-actions/auth#482
• Document that the OIDC token expires in 5min by @​sethvargo in google-github-actions/auth#483
• Release: v2.1.10 by @​google-github-actions-bot in google-github-actions/auth#484

Full Changelog: google-github-actions/auth@v2.1.9...v2.1.10

v2.1.9

What's Changed

• Use our custom boolean parsing by @​sethvargo in google-github-actions/auth#478
• Update deps by @​sethvargo in google-github-actions/auth#479
• Release: v2.1.9 by @​google-github-actions-bot in google-github-actions/auth#480

Full Changelog: google-github-actions/auth@v2.1.8...v2.1.9

v2.1.8

What's Changed

• Update TROUBLESHOOTING.md by @​sethvargo in google-github-actions/auth#457
• fix: add runs-on to README.md example by @​lbarthon in google-github-actions/auth#460
• security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group by @​dependabot in google-github-actions/auth#463
• Update deps by @​sethvargo in google-github-actions/auth#466
• Release: v2.1.8 by @​google-github-actions-bot in google-github-actions/auth#467

New Contributors

• @​lbarthon made their first contribution in google-github-actions/auth#460

Full Changelog: google-github-actions/auth@v2...v2.1.8

v2.1.7

What's Changed

• fix: update relase workflows by @​verbanicm in google-github-actions/auth#452
• Release: v2.1.7 by @​google-github-actions-bot in google-github-actions/auth#453

Full Changelog: google-github-actions/auth@v2.1.6...v2.1.7

v2.1.6

What's Changed

• Recommend gcloud storage over gsutil by @​sethvargo in google-github-actions/auth#438
• Add missing log line by @​sethvargo in google-github-actions/auth#448
• Release: v2.1.6 by @​google-github-actions-bot in google-github-actions/auth#449

Full Changelog: google-github-actions/auth@v2.1.5...v2.1.6

v2.1.5

What's Changed

... (truncated)

Commits

• ba79af0 Release: v2.1.10 (#484)
• bfaa66b Document that the OIDC token expires in 5min (#483)
• d0822ad Declare workflow permissions (#482)
• 7b53cdc Release: v2.1.9 (#480)
• a9cfddf Update deps (#479)
• b011f39 Use our custom boolean parsing (#478)
• 71f9864 Release: v2.1.8 (#467)
• 0cd8f2e Update deps (#466)
• 332e0ba security: bump undici from 5.28.4 to 5.28.5 in the npm_and_yarn group (#463)
• 28d44ba fix: add runs-on to README.md example (#460)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.3.3 to 4.6.2

Release notes

Sourced from actions/upload-artifact's releases.

v4.6.2

What's Changed

• Update to use artifact 2.3.2 package & prepare for new upload-artifact release by @​salmanmkc in actions/upload-artifact#685

New Contributors

• @​salmanmkc made their first contribution in actions/upload-artifact#685

Full Changelog: actions/upload-artifact@v4...v4.6.2

v4.6.1

What's Changed

• Update to use artifact 2.2.2 package by @​yacaovsnc in actions/upload-artifact#673

Full Changelog: actions/upload-artifact@v4...v4.6.1

v4.6.0

What's Changed

• Expose env vars to control concurrency and timeout by @​yacaovsnc in actions/upload-artifact#662

Full Changelog: actions/upload-artifact@v4...v4.6.0

v4.5.0

What's Changed

• fix: deprecated Node.js version in action by @​hamirmahal in actions/upload-artifact#578
• Add new artifact-digest output by @​bdehamer in actions/upload-artifact#656

New Contributors

• @​hamirmahal made their first contribution in actions/upload-artifact#578
• @​bdehamer made their first contribution in actions/upload-artifact#656

Full Changelog: actions/upload-artifact@v4.4.3...v4.5.0

v4.4.3

What's Changed

• Undo indirect dependency updates from #627 by @​joshmgross in actions/upload-artifact#632

Full Changelog: actions/upload-artifact@v4.4.2...v4.4.3

v4.4.2

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in actions/upload-artifact#627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: actions/upload-artifact@v4.4.1...v4.4.2

v4.4.1

... (truncated)

Commits

• ea165f8 Merge pull request #685 from salmanmkc/salmanmkc/3-new-upload-artifacts-release
• 0839620 Prepare for new release of actions/upload-artifact with new toolkit cache ver...
• 4cec3d8 Merge pull request #673 from actions/yacaovsnc/artifact_2.2.2
• e9fad96 license cache update for artifact
• b26fd06 Update to use artifact 2.2.2 package
• 65c4c4a Merge pull request #662 from actions/yacaovsnc/add_variable_for_concurrency_a...
• 0207619 move files back to satisfy licensed ci
• 1ecca81 licensed cache updates
• 9742269 Expose env vars to controll concurrency and timeout
• 6f51ac0 Merge pull request #656 from bdehamer/bdehamer/artifact-digest
• Additional commits viewable in compare view

Updates hashicorp/setup-signore from 1 to 2

Release notes

Sourced from hashicorp/setup-signore's releases.

v2

Breaking changes

• Setting client-id and client-secret is no longer supported

What's Changed

• Initial jest unit testing and ncc preparation by @​bflad in hashicorp/setup-signore#1
• Test and fix configuration writing, add signer configuration by @​bflad in hashicorp/setup-signore#2
• fix eslint nits, update npm recommended packages by @​milescrabill in hashicorp/setup-signore#4
• add a note to the readme about the setup-signore-package action by @​milescrabill in hashicorp/setup-signore#5
• remove the ability to configure client-id and client-secret by @​milescrabill in hashicorp/setup-signore#6
• Bump nock from 13.1.0 to 13.1.4 by @​dependabot in hashicorp/setup-signore#7
• Bump @​actions/core from 1.4.0 to 1.6.0 by @​dependabot in hashicorp/setup-signore#8
• Bump eslint-plugin-import from 2.23.4 to 2.25.2 by @​dependabot in hashicorp/setup-signore#10
• Bump @​vercel/ncc from 0.28.6 to 0.31.1 by @​dependabot in hashicorp/setup-signore#9
• Bump jest from 27.0.6 to 27.3.1 by @​dependabot in hashicorp/setup-signore#11

Full Changelog: hashicorp/setup-signore@v1.0.1...v2

Commits

• 222ce0f Merge pull request #70 from hashicorp/regenerate-dist
• 1a0ebd6 regenerate dist
• 1e9b76b Merge pull request #65 from hashicorp/compliance/codeowners
• 03b3f45 Merge pull request #66 from hashicorp/compliance/metad
• 22ed2ac Merge pull request #69 from hashicorp/bflad/node16
• c13192e Update action NodeJS version to 16
• 0e0073d Merge pull request #59 from hashicorp/node16-update-deps
• 4be2312 Add META.d file
• c48de99 Add CODEOWNERS file
• 01bdeeb update outdated dependencies, pin node16 in ci
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 5.0.0 to 6.3.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v6.3.0

• Bump undici from 5.28.3 to 5.28.5 in goreleaser/goreleaser-action#488

Full Changelog: goreleaser/goreleaser-action@v6.2.1...v6.3.0

v6.2.1

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1

v6.2.0

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.1.0...v6.2.0

v6.1.0

What's Changed

• chore(deps): bump braces from 3.0.2 to 3.0.3 by @​dependabot in goreleaser/goreleaser-action#467
• chore(deps): bump docker/bake-action from 4 to 5 by @​dependabot in goreleaser/goreleaser-action#468
• chore(deps): bump semver from 7.6.2 to 7.6.3 by @​dependabot in goreleaser/goreleaser-action#470
• chore(deps): bump @​actions/http-client from 2.2.1 to 2.2.2 by @​dependabot in goreleaser/goreleaser-action#473
• chore(deps): bump @​actions/http-client from 2.2.2 to 2.2.3 by @​dependabot in goreleaser/goreleaser-action#474
• chore(deps): bump micromatch from 4.0.5 to 4.0.8 by @​dependabot in goreleaser/goreleaser-action#475
• chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in goreleaser/goreleaser-action#478
• docs: bump upload-artifact version by @​dunglas in goreleaser/goreleaser-action#479
• chore: update generated content by @​crazy-max in goreleaser/goreleaser-action#480

New Contributors

• @​dunglas made their first contribution in goreleaser/goreleaser-action#479

Full Changelog: goreleaser/goreleaser-action@v6.0.0...v6.1.0

v6.0.0

[!WARNING] This is a breaking change!

... (truncated)

Commits

• 9c156ee ci: update bake-action to v6 (#493)
• 73c477b chore(deps): bump undici from 5.28.3 to 5.28.5 (#488)
• 19c00a9 chore(deps): bump codecov/codecov-action from 4 to 5 (#481)
• 90a3faa chore(deps): bake vendor
• 0262998 test: fixes
• 450d3a4 test: fix configs
• 25b92ab chore(deps): update semver and tool-cache
• bc0ac76 chore(deps): update actions
• 842e7cc feat: update for goreleaser v2.7
• d28c982 chore(deps): bump cross-spawn from 7.0.3 to 7.0.6 (#482)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

[//]: # (dependabot...

Description has been truncated

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.