Skip to content

build(deps): bump the github-actions group across 1 directory with 6 updates#707

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-991ba75bd3
Open

build(deps): bump the github-actions group across 1 directory with 6 updates#707
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-991ba75bd3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 6 updates in the / directory:

Package From To
actions/checkout 6 7
chainguard-dev/actions/nodiff 1.6.11 1.6.26
codecov/codecov-action 6.0.0 7.0.0
slackapi/slack-github-action 3.0.1 3.0.3
aquasecurity/trivy-action 0.35.0 0.36.0
webiny/action-conventional-commits 1.3.1 1.4.2

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates chainguard-dev/actions/nodiff from 1.6.11 to 1.6.26

Release notes

Sourced from chainguard-dev/actions/nodiff's releases.

v1.6.26

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.25...v1.6.26

v1.6.25

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.24...v1.6.25

v1.6.24

What's Changed

... (truncated)

Commits
  • f0be699 group updates for actions when we have patch updates (#983)
  • 9d74f5e build(deps): bump zizmorcore/zizmor-action from 0.5.6 to 0.5.7 (#974)
  • fc8da5b build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 (#975)
  • 6f62df3 build(deps): bump chainguard-dev/actions in /git-tag (#976)
  • 9b816d3 build(deps): bump chainguard-dev/actions from 1.6.24 to 1.6.25 in /gofmt (#977)
  • c8cb263 build(deps): bump chainguard-dev/actions in /goimports (#978)
  • 5bac86c build(deps): bump chainguard-dev/actions in /melange-build (#980)
  • 4580d94 build(deps): bump chainguard-dev/actions in /inky-build-pkg (#979)
  • 71b359f build(deps): bump chainguard-dev/actions in /release-notes (#981)
  • fc09e6d build(deps): bump chainguard-dev/actions in /wolfi-build-pkg (#982)
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 6.0.0 to 7.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates slackapi/slack-github-action from 3.0.1 to 3.0.3

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.3

Patch Changes

  • 66834e4: feat: add instrumentation to address error rates

Slack GitHub Action v3.0.2

Patch Changes

  • 79529d7: fix: resolve url.parse deprecation warning for webhook techniques
Changelog

Sourced from slackapi/slack-github-action's changelog.

slack-github-action

3.0.3

Patch Changes

  • 66834e4: feat: add instrumentation to address error rates

3.0.2

Patch Changes

  • 79529d7: fix: resolve url.parse deprecation warning for webhook techniques
Commits
  • 45a88b9 chore: release
  • 1c0bcf0 chore: release (#606)
  • 66834e4 feat: add instrumentation to address error rates (#600)
  • 0fe0f90 build(deps): bump @​actions/github from 9.0.0 to 9.1.1 (#605)
  • c5e7059 build(deps): bump @​slack/web-api from 7.15.0 to 7.15.1 (#604)
  • 0325526 build(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.13 (#601)
  • 900cd3e build(deps-dev): bump @​types/node from 24.12.0 to 24.12.2 (#603)
  • 53fdcff build(deps): bump @​actions/core from 3.0.0 to 3.0.1 (#602)
  • 26856cc build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (#596)
  • feba1e2 ci: skip publish step if no release is needed (#599)
  • Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

New Contributors

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits
  • ed142fd chore: update action version to v0.36.0 in examples (#563)
  • dea62cf chore(deps): Update trivy to v0.70.0 (#559)
  • 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
  • 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
  • dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
  • 4a2deec fix: use portable shebang in entrypoint.sh (#545)
  • 1994662 chore(deps): bump the actions group with 5 updates (#558)
  • 6b36659 chore: add zizmor config (#557)
  • 316aa5a ci: add dependabot config (#556)
  • 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
  • Additional commits viewable in compare view

Updates webiny/action-conventional-commits from 1.3.1 to 1.4.2

Commits
  • 7f91b15 fix: allow 'improvement' prefix
  • 096eff5 fix: allow 'improvement' prefix
  • b6cc3cc docs: update latest version
  • 6a05e2b feat: use node24
  • b34f00b Merge remote-tracking branch 'origin/master'
  • 0fecf10 feat: refactor commit message validation to use exception list
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…updates

Bumps the github-actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |
| [chainguard-dev/actions/nodiff](https://github.com/chainguard-dev/actions) | `1.6.11` | `1.6.26` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `7.0.0` |
| [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `3.0.1` | `3.0.3` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` |
| [webiny/action-conventional-commits](https://github.com/webiny/action-conventional-commits) | `1.3.1` | `1.4.2` |



Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

Updates `chainguard-dev/actions/nodiff` from 1.6.11 to 1.6.26
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@8bb24c2...f0be699)

Updates `codecov/codecov-action` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v6.0.0...v7.0.0)

Updates `slackapi/slack-github-action` from 3.0.1 to 3.0.3
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Changelog](https://github.com/slackapi/slack-github-action/blob/main/CHANGELOG.md)
- [Commits](slackapi/slack-github-action@af78098...45a88b9)

Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@57a97c7...ed142fd)

Updates `webiny/action-conventional-commits` from 1.3.1 to 1.4.2
- [Release notes](https://github.com/webiny/action-conventional-commits/releases)
- [Commits](webiny/action-conventional-commits@v1.3.1...v1.4.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: chainguard-dev/actions/nodiff
  dependency-version: 1.6.26
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: slackapi/slack-github-action
  dependency-version: 3.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: aquasecurity/trivy-action
  dependency-version: 0.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: webiny/action-conventional-commits
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the area/dependencies Affects dependencies label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependencies Affects dependencies

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants