Bump the github-actions group across 1 directory with 10 updates #2689

dependabot · 2025-11-24T05:43:06Z

Bumps the github-actions group with 10 updates in the / directory:

Package	From	To
actions/checkout	`4`	`6`
actions/setup-python	`5.6.0`	`6.0.0`
actions/upload-artifact	`4.6.2`	`5.0.0`
actions/download-artifact	`4`	`6`
actions/cache	`4.2.3`	`4.3.0`
ncipollo/release-action	`1.18.0`	`1.20.0`
codecov/codecov-action	`5.4.3`	`5.5.1`
py-cov-action/python-coverage-comment-action	`3.35`	`3.39`
actions/create-github-app-token	`2.0.6`	`2.2.0`
peter-evans/create-pull-request	`7.0.8`	`7.0.9`

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Commits

1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
See full diff in compare view

Updates actions/setup-python from 5.6.0 to 6.0.0

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

Commits

e797f83 Upgrade to node 24 (#1164)
3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
5b668cf Bump actions/checkout from 4 to 5 (#1181)
f62a0e2 Change missing cache directory error to warning (#1182)
9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
36da51d Add version parsing from Pipfile (#1067)
3c6f142 update documentation (#1156)
Additional commits viewable in compare view

Updates actions/upload-artifact from 4.6.2 to 5.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v5.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README.md by @GhadimiR in actions/upload-artifact#681

Update README.md by @nebuk89 in actions/upload-artifact#712

Readme: spell out the first use of GHES by @danwkennedy in actions/upload-artifact#727

Update GHES guidance to include reference to Node 20 version by @patrikpolyak in actions/upload-artifact#725

Bump @actions/artifact to v4.0.0

Prepare v5.0.0 by @danwkennedy in actions/upload-artifact#734

New Contributors

@GhadimiR made their first contribution in actions/upload-artifact#681

@nebuk89 made their first contribution in actions/upload-artifact#712

@danwkennedy made their first contribution in actions/upload-artifact#727

@patrikpolyak made their first contribution in actions/upload-artifact#725

Full Changelog: actions/upload-artifact@v4...v5.0.0

Commits

330a01c Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
03f2824 Update github.dep.yml
905a1ec Prepare v5.0.0
2d9f9cd Merge pull request #725 from patrikpolyak/patch-1
9687587 Merge branch 'main' into patch-1
2848b2c Merge pull request #727 from danwkennedy/patch-1
9b51177 Spell out the first use of GHES
cd231ca Update GHES guidance to include reference to Node 20 version
de65e23 Merge pull request #712 from actions/nebuk89-patch-1
8747d8c Update README.md
Additional commits viewable in compare view

Updates actions/download-artifact from 4 to 6

Release notes

Sourced from actions/download-artifact's releases.

v6.0.0

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

Update README for download-artifact v5 changes by @yacaovsnc in actions/download-artifact#417

Update README with artifact extraction details by @yacaovsnc in actions/download-artifact#424

Readme: spell out the first use of GHES by @danwkennedy in actions/download-artifact#431

Bump @actions/artifact to v4.0.0

Prepare v6.0.0 by @danwkennedy in actions/download-artifact#438

New Contributors

@danwkennedy made their first contribution in actions/download-artifact#431

Full Changelog: actions/download-artifact@v5...v6.0.0

v5.0.0

What's Changed

Update README.md by @nebuk89 in actions/download-artifact#407

BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @GrantBirki in actions/download-artifact#416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

By name: name: my-artifact → extracted to path/ (direct)

By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

By name: name: my-artifact → extracted to path/ (unchanged)

By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

You download artifacts by name

You download multiple artifacts by ID

You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

... (truncated)

Commits

018cc2c Merge pull request #438 from actions/danwkennedy/prepare-6.0.0
815651c Revert "Remove github.dep.yml"
bb3a066 Remove github.dep.yml
fa1ce46 Prepare v6.0.0
4a24838 Merge pull request #431 from danwkennedy/patch-1
5e3251c Readme: spell out the first use of GHES
abefc31 Merge pull request #424 from actions/yacaovsnc/update_readme
ac43a60 Update README with artifact extraction details
de96f46 Merge pull request #417 from actions/yacaovsnc/update_readme
7993cb4 Remove migration guide for artifact download changes
Additional commits viewable in compare view

Updates actions/cache from 4.2.3 to 4.3.0

Release notes

Sourced from actions/cache's releases.

v4.3.0

What's Changed

Add note on runner versions by @GhadimiR in actions/cache#1642

Prepare v4.3.0 release by @Link- in actions/cache#1655

New Contributors

@GhadimiR made their first contribution in actions/cache#1642

Full Changelog: actions/cache@v4...v4.3.0

v4.2.4

What's Changed

Update README.md by @nebuk89 in actions/cache#1620

Upgrade @actions/cache to 4.0.5 and move @protobuf-ts/plugin to dev depdencies by @Link- in actions/cache#1634

Prepare release 4.2.4 by @Link- in actions/cache#1636

New Contributors

@nebuk89 made their first contribution in actions/cache#1620

Full Changelog: actions/cache@v4...v4.2.4

Changelog

Sourced from actions/cache's changelog.

Releases

4.3.0

Bump @actions/cache to v4.1.0

4.2.4

Bump @actions/cache to v4.0.5

4.2.3

Bump @actions/cache to v4.0.3 (obfuscates SAS token in debug logs for cache entries)

4.2.2

Bump @actions/cache to v4.0.2

4.2.1

Bump @actions/cache to v4.0.1

4.2.0

TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. actions/cache now integrates with the new cache service (v2) APIs.

The new service will gradually roll out as of February 1st, 2025. The legacy service will also be sunset on the same date. Changes in these release are fully backward compatible.

We are deprecating some versions of this action. We recommend upgrading to version v4 or v3 as soon as possible before February 1st, 2025. (Upgrade instructions below).

If you are using pinned SHAs, please use the SHAs of versions v4.2.0 or v3.4.0

If you do not upgrade, all workflow runs using any of the deprecated actions/cache will fail.

Upgrading to the recommended versions will not break your workflows.

4.1.2

Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - #1474

Security fix: Bump braces from 3.0.2 to 3.0.3 - #1475

4.1.1

Restore original behavior of cache-hit output - #1467

4.1.0

Ensure cache-hit output is set when a cache is missed - #1404

Deprecate save-always input - #1452

... (truncated)

Commits

0057852 Merge pull request #1655 from actions/Link-/prepare-4.3.0
4f5ea67 Update licensed cache
9fcad95 Upgrade actions/cache to 4.1.0 and prepare 4.3.0 release
638ed79 Merge pull request #1642 from actions/GhadimiR-patch-1
3862dcc Add note on runner versions
0400d5f Merge pull request #1636 from actions/Link-/release-4.2.4
374a27f Prepare release 4.2.4
358a730 Merge pull request #1634 from actions/Link-/optimise-deps
2ee706e Fix with another approach
94f7b5d Fix bundle exec
Additional commits viewable in compare view

Updates ncipollo/release-action from 1.18.0 to 1.20.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.20.0

What's Changed

Fixes #542 Add previous tag option by @ncipollo in ncipollo/release-action#550

Full Changelog: ncipollo/release-action@v1...v1.20.0

v1.19.2

What's Changed

Update immutableCreate's default in the documentation by @bblanchon in ncipollo/release-action#547

Fixes #548 Add support body + generated release notes by @ncipollo in ncipollo/release-action#549

New Contributors

@bblanchon made their first contribution in ncipollo/release-action#547

Full Changelog: ncipollo/release-action@v1...v1.19.2

v1.19.1

Defaults immutableCreate to false if it is omitted.

Full Changelog: ncipollo/release-action@v1.19.0...v1.19.1

v1.19.0

What's Changed

Fixes #540 Add support for immutable releases by @ncipollo in ncipollo/release-action#544

Bump actions/checkout from 4 to 5 by @dependabot[bot] in ncipollo/release-action#541

Bump glob from 11.0.2 to 11.0.3 by @dependabot[bot] in ncipollo/release-action#534

Full Changelog: ncipollo/release-action@v1...v1.19.0

Commits

b7eabc9 preparing release 1.20.0
e87de4c Fixes #542 Add previous tag option (#550)
98d25d4 preparing release 1.19.2
d360126 Fixes #548 Add support body + generated release notes (#549)
571fe81 Update immutableCreate's default in the documentation (#547)
1c89adf preparing release 1.19.1
36bf8dd References #545 Default immutable builds to false
b12185d preparing release 1.19.0
defcf13 Fixes #540 Add support for immutable releases (#544)
05013d5 Standardize on separate call to generate release notes
Additional commits viewable in compare view

Updates codecov/codecov-action from 5.4.3 to 5.5.1

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.1

What's Changed

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot[bot] in codecov/codecov-action#1833

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @dependabot[bot] in codecov/codecov-action#1861

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

docs: fix typo in README by @datalater in codecov/codecov-action#1866

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @dependabot[bot] in codecov/codecov-action#1867

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @dependabot[bot] in codecov/codecov-action#1868

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

chore(release): 5.5.1 by @thomasrockhu-codecov in codecov/codecov-action#1873

New Contributors

@datalater made their first contribution in codecov/codecov-action#1866

Full Changelog: codecov/codecov-action@v5.5.0...v5.5.1

v5.5.0

What's Changed

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot[bot] in codecov/codecov-action#1829

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

chore(release): 5.5.0 by @thomasrockhu-codecov in codecov/codecov-action#1865

New Contributors

@spalmurray made their first contribution in codecov/codecov-action#1837

@martincostello made their first contribution in codecov/codecov-action#1859

@jviall made their first contribution in codecov/codecov-action#1864

Full Changelog: codecov/codecov-action@v5.4.3...v5.5.0

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2

v5.4.1

... (truncated)

Commits

5a10915 chore(release): 5.5.1 (#1873)
3e0ce21 fix: overwrite pr number on fork (#1871)
c4741c8 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1868)
17370e8 build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (#1867)
18fdacf fix: update to use local app/ dir (#1872)
206148c docs: fix typo in README (#1866)
3cb13a1 Document a codecov-cli version reference example (#1774)
a4803c1 build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 (#1861)
3139621 build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 (#1833)
fdcc847 chore(release): 5.5.0 (#1865)
Additional commits viewable in compare view

Updates py-cov-action/python-coverage-comment-action from 3.35 to 3.39

Release notes

Sourced from py-cov-action/python-coverage-comment-action's releases.

v3.39

What's Changed

Switch to 3.14, add typing by @ewjoachim in py-cov-action/python-coverage-comment-action#618

Bump base image to v7 by @ewjoachim in py-cov-action/python-coverage-comment-action#619

Full Changelog: py-cov-action/python-coverage-comment-action@v3.38...v3.39

v3.38

What's Changed

feat: Expose coverage data as action outputs by @olivier-lacroix in py-cov-action/python-coverage-comment-action#594 See README for details.

[!NOTE] The official name of the output previously known as COMMENT_FILE_WRITTEN is now comment_file_written but GitHub outputs are case insensitive, so previously written code will continue to work

Full Changelog: py-cov-action/python-coverage-comment-action@v3...v3.38

v3.37

What's Changed

feat: Handle Merge Queues by @olivier-lacroix in py-cov-action/python-coverage-comment-action#592

New Contributors

@olivier-lacroix made their first contribution in py-cov-action/python-coverage-comment-action#592

Full Changelog: py-cov-action/python-coverage-comment-action@v3.36...v3.37

v3.36

What's Changed

Adds additional support for Github enterprise usecases & support for pull_request/closed trigger by @daniel-anya in py-cov-action/python-coverage-comment-action#589

Full Changelog: py-cov-action/python-coverage-comment-action@v3.35...v3.36

Commits

e623398 Merge pull request #619 from py-cov-action/update
5a4ce20 Bump to v7
7103ca5 Merge pull request #618 from py-cov-action/update
e2bc11c Cancel in progress
33f4865 small GHA fixes
6220450 Basedpyright runs directly in GHA
a043676 Test fixes
dbc28d9 config sync
9034ca5 Fix typing
c33865c py3.14
Additional commits viewable in compare view

Updates actions/create-github-app-token from 2.0.6 to 2.2.0

Release notes

Sourced from actions/create-github-app-token's releases.

v2.2.0

2.2.0 (2025-11-21)

Bug Fixes

deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)

deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

deps: bump the production-dependencies group with 2 updates (#292) (55e2a4b)

Features

update permission inputs (#296) (d90aa53)

v2.1.4

2.1.4 (2025-09-13)

Bug Fixes

deps: bump @octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)

v2.1.3

2.1.3 (2025-09-13)

Bug Fixes

deps: bump undici from 7.8.0 to 7.10.0 in the production-dependencies group (#254) (f3d5ec2)

v2.1.2

2.1.2 (2025-09-12)

Bug Fixes

deps: bump @octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)

v2.1.1

2.1.1 (2025-08-11)

Bug Fixes

... (truncated)

Commits

7e473ef build(release): 2.2.0 [skip ci]
dce3be8 fix(deps): bump p-retry from 6.2.1 to 7.1.0 (#294)
5480f43 fix(deps): bump glob from 10.4.5 to 10.5.0 (#305)
d90aa53 feat: update permission inputs (#296)
55e2a4b fix(deps): bump the production-dependencies group with 2 updates (#292)
cc6f999 ci(test): trigger on merge_group (#308)
40fa6b5 build(deps-dev): bump @sinonjs/fake-timers from 14.0.0 to 15.0.0 (#295)
396e502 build(deps): bump actions/checkout from 5 to 6 (#306)
f48f2eb build(deps): bump stefanzweifel/git-auto-commit-action from 6.0.1 to 7.0.0 (#...
b7f83f6 build(deps): bump actions/setup-node from 4 to 6 (#299)
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 7.0.8 to 7.0.9

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.9

⚙️ Fixes an incompatibility with the recently released actions/checkout@v6.

What's Changed

~70 dependency updates by @dependabot

docs: fix workaround description about ready_for_review by @ybiquitous in peter-evans/create-pull-request#3939

Docs: add-paths default behavior by @joeflack4 in peter-evans/create-pull-request#3928

docs: update to create-github-app-token v2 by @Goooler in peter-evans/create-pull-request#4063

Fix compatibility with actions/checkout@v6 by @ericsciple in peter-evans/create-pull-request#4230

New Contributors

github-actions · 2025-11-24T05:45:10Z

Coverage report

Click to see where and how coverage changed

File	Statements	Missing	Coverage	Coverage (new stmts)	Lines missing
amdsharktank/amdsharktank/kernels
mlir_kernel.py
amdsharktank/amdsharktank/layers/configs
llm_configs.py
amdsharktank/amdsharktank/models/flux
flux.py
amdsharktank/amdsharktank/models/llm
config.py
amdsharktank/amdsharktank/models/punet
config.py
amdsharktank/amdsharktank/types
tensors.py
theta.py
amdsharktank/amdsharktank/utils
hf_datasets.py
llm_tasks.py
llm_utils.py
testing.py
Project Total

_{This report was generated by python-coverage-comment-action}

Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.6.0` | `6.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `6` | | [actions/cache](https://github.com/actions/cache) | `4.2.3` | `4.3.0` | | [ncipollo/release-action](https://github.com/ncipollo/release-action) | `1.18.0` | `1.20.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.3` | `5.5.1` | | [py-cov-action/python-coverage-comment-action](https://github.com/py-cov-action/python-coverage-comment-action) | `3.35` | `3.39` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `2.0.6` | `2.2.0` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.8` | `7.0.9` | Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v4...v6) Updates `actions/setup-python` from 5.6.0 to 6.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...e797f83) Updates `actions/upload-artifact` from 4.6.2 to 5.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@ea165f8...330a01c) Updates `actions/download-artifact` from 4 to 6 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v6) Updates `actions/cache` from 4.2.3 to 4.3.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@5a3ec84...0057852) Updates `ncipollo/release-action` from 1.18.0 to 1.20.0 - [Release notes](https://github.com/ncipollo/release-action/releases) - [Commits](ncipollo/release-action@bcfe547...b7eabc9) Updates `codecov/codecov-action` from 5.4.3 to 5.5.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@18283e0...5a10915) Updates `py-cov-action/python-coverage-comment-action` from 3.35 to 3.39 - [Release notes](https://github.com/py-cov-action/python-coverage-comment-action/releases) - [Commits](py-cov-action/python-coverage-comment-action@9191068...e623398) Updates `actions/create-github-app-token` from 2.0.6 to 2.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](actions/create-github-app-token@df432ce...7e473ef) Updates `peter-evans/create-pull-request` from 7.0.8 to 7.0.9 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@271a8d0...84ae59a) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/cache dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ncipollo/release-action dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 5.5.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: py-cov-action/python-coverage-comment-action dependency-version: '3.39' dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/create-github-app-token dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-version: 7.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 24, 2025

dependabot bot force-pushed the dependabot/github_actions/github-actions-ec5af89d34 branch from 6c9ef98 to 5cfee10 Compare November 24, 2025 10:19

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the github-actions group across 1 directory with 10 updates #2689

Bump the github-actions group across 1 directory with 10 updates #2689

Uh oh!

dependabot bot commented on behalf of github Nov 24, 2025 •

edited

Loading

Uh oh!

github-actions bot commented Nov 24, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the github-actions group across 1 directory with 10 updates #2689

Are you sure you want to change the base?

Bump the github-actions group across 1 directory with 10 updates #2689

Uh oh!

Conversation

dependabot bot commented on behalf of github Nov 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.0.0

What's Changed

New Contributors

v6.0.0

What's Changed

New Contributors

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

What Changed

Migration Guide

✅ No Action Needed If:

⚠️ Action Required If:

v4.3.0

What's Changed

New Contributors

v4.2.4

What's Changed

New Contributors

Releases

4.3.0

4.2.4

4.2.3

4.2.2

4.2.1

4.2.0

4.1.2

4.1.1

4.1.0

v1.20.0

What's Changed

v1.19.2

What's Changed

New Contributors

v1.19.1

v1.19.0

What's Changed

v5.5.1

What's Changed

New Contributors

v5.5.0

What's Changed

New Contributors

v5.5.1

What's Changed

v5.5.0

What's Changed

v5.4.3

What's Changed

v5.4.2

What's Changed

v5.4.1

dependabot bot commented on behalf of github Nov 24, 2025 •

edited

Loading

github-actions bot commented Nov 24, 2025 •

edited

Loading