Skip to content

chore(deps): actions: bump the all-actions group with 6 updates#528

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/all-actions-4af3d3f0c4
Open

chore(deps): actions: bump the all-actions group with 6 updates#528
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/all-actions-4af3d3f0c4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the all-actions group with 6 updates:

Package From To
actions/checkout 6.0.3 7.0.0
jdx/mise-action 4.1.0 4.2.0
actions/cache 5.0.5 6.1.0
codecov/codecov-action 6.0.0 7.0.0
aws-actions/configure-aws-credentials 6.2.0 6.2.1
github/issue-metrics 4.2.7 4.2.8

Updates actions/checkout from 6.0.3 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates jdx/mise-action from 4.1.0 to 4.2.0

Release notes

Sourced from jdx/mise-action's releases.

v4.2.0: Bootstrap mode & wget fallback

This release adds an opt-in bootstrap mode for projects that use mise bootstrap, and makes the action work on runner images that ship wget but not curl.

Added

Bootstrap mode (#522) by @​jdx

Three new inputs let the action drive mise bootstrap instead of mise install:

- uses: jdx/mise-action@v4
  with:
    bootstrap: true
    bootstrap_skip: "tools,task"   # comma-separated parts to skip
    bootstrap_args: "--yes"        # extra args forwarded to mise bootstrap
  • When bootstrap: true, the action runs mise bootstrap under the existing install gate and sets MISE_EXPERIMENTAL=1 automatically.
  • If a repo mise lock file is present, it runs mise --locked bootstrap, matching the auto-lock behavior introduced for mise install in v4.1.0.
  • install_args cannot be combined with bootstrap: true — the action fails fast and tells you to use bootstrap_skip / bootstrap_args instead, because full bootstrap doesn't support partial tool install args.
  • A new {{bootstrap_hash}} template variable is included in the default cache key (and available in custom cache_key templates) so bootstrap and non-bootstrap configurations don't share caches.

bootstrap_skip relies on mise bootstrap --skip from jdx/mise#10497, so make sure you're on a recent mise version if you use it.

Fixed

  • Fall back to wget when curl is unavailable (#521) by @​risu729 — The action used to hard-code curl for fetching the mise binary, tar/zip archives, and the latest VERSION lookup, which broke on minimal runner images that only ship wget. It now prefers curl and transparently falls back to wget, preserving the streaming download | tar fast path for .tar.gz and .tar.zst installs on Linux/macOS. Proxy support is unchanged — both tools honor HTTP_PROXY/HTTPS_PROXY. Addresses jdx/mise#10488.

Documentation

  • Link the known Rust cache interaction note from the README (#496) by @​risu729.

Full Changelog: jdx/mise-action@v4.1.0...v4.2.0

Changelog

Sourced from jdx/mise-action's changelog.

Changelog


4.2.0 - 2026-06-17

🚀 Features

🐛 Bug Fixes

📚 Documentation

⚙️ Miscellaneous Tasks


4.1.0 - 2026-06-04

🚀 Features

🐛 Bug Fixes

⚙️ Miscellaneous Tasks

... (truncated)

Commits
  • e6a8b39 chore: release v4.2.0 (#504)
  • 884d428 fix: fall back to wget when curl is unavailable (#521)
  • 5f61b63 feat: support bootstrap mode (#522)
  • 03d5391 chore(deps): update node.js to v24.16.0 (#519)
  • 0f82543 chore(deps): update node.js to v24.16.0 (#518)
  • 5d76934 chore(deps): update dependency rollup to v4.61.1 (#516)
  • 80781a5 chore(deps): update jdx/mise-action action to v4.1.0 (#517)
  • f1eae89 chore(deps): update dependency js-yaml to v4.2.0 (#515)
  • ab3e780 chore(deps): update typescript-eslint monorepo to v8.60.1 (#514)
  • 17d3aa0 chore(deps): update github/codeql-action action to v4.36.2 (#513)
  • Additional commits viewable in compare view

Updates actions/cache from 5.0.5 to 6.1.0

Release notes

Sourced from actions/cache's releases.

v6.1.0

What's Changed

Full Changelog: actions/cache@v6...v6.1.0

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 6.0.0 to 7.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates aws-actions/configure-aws-credentials from 6.2.0 to 6.2.1

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.2.1

6.2.1 (2026-06-26)

Bug Fixes

  • enforce allowed-account-ids on all auth paths (#1847) (4d281fb)
Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.2.1 (2026-06-26)

Bug Fixes

  • enforce allowed-account-ids on all auth paths (#1847) (4d281fb)

6.2.0 (2026-06-01)

Features

Bug Fixes

  • skip credential check on output-env-credentials: false (#1778) (58e7c47)
  • assumeRole failing from session tag size too large (#1808) (d6f5dc3)

6.1.3 (2026-05-28)

Bug Fixes

  • fix: allow kubelet token symlink in #1805

6.1.2 (2026-05-26)

Bug Fixes

6.1.1 (2026-05-05)

Miscellaneous Chores

  • various dependency updates

6.1.0 (2026-04-06)

Features

... (truncated)

Commits
  • 254c19b chore(main): release 6.2.1 (#1849)
  • a20cf82 chore: Update dist
  • 4d281fb fix: enforce allowed-account-ids on all auth paths (#1847)
  • e004cdc chore(deps-dev): bump @​smithy/property-provider from 4.4.0 to 4.4.2 (#1845)
  • 88aa369 chore: Update dist
  • 687331b chore(deps): bump @​aws-sdk/client-sts from 3.1069.0 to 3.1075.0 (#1841)
  • ea607be chore: Update dist
  • 6d13606 chore(deps): bump @​smithy/node-http-handler from 4.8.0 to 4.8.2 (#1842)
  • 71a32ae chore: Update dist
  • b290f2c chore(deps-dev): bump @​aws-sdk/credential-provider-env (#1844)
  • Additional commits viewable in compare view

Updates github/issue-metrics from 4.2.7 to 4.2.8

Release notes

Sourced from github/issue-metrics's releases.

v4.2.8

Changelog

🧰 Maintenance

See details of all code changes since previous release

Commits
  • 44173f9 chore(deps): bump pyjwt from 2.12.1 to 2.13.0 (#777)
  • 2140cf1 test: raise test coverage to 100% and require it in CI (#775)
  • 8ebb362 chore(deps): bump the dependencies group with 4 updates (#773)
  • 071b954 chore(deps): bump the dependencies group with 4 updates (#771)
  • dee7f6a chore(deps): bump types-pytz from 2026.2.0.20260506 to 2026.2.0.20260518 (#768)
  • f5865cc chore(deps): bump types-requests from 2.33.0.20260513 to 2.33.0.20260518 (#769)
  • 9f01680 chore(deps): bump the dependencies group with 4 updates (#766)
  • c3b6178 chore(deps): bump python from a7185a8 to c845af9 (#765)
  • 633080a chore(deps): bump the dependencies group with 3 updates (#767)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.3` | `7.0.0` |
| [jdx/mise-action](https://github.com/jdx/mise-action) | `4.1.0` | `4.2.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `7.0.0` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `6.2.0` | `6.2.1` |
| [github/issue-metrics](https://github.com/github/issue-metrics) | `4.2.7` | `4.2.8` |


Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

Updates `jdx/mise-action` from 4.1.0 to 4.2.0
- [Release notes](https://github.com/jdx/mise-action/releases)
- [Changelog](https://github.com/jdx/mise-action/blob/main/CHANGELOG.md)
- [Commits](jdx/mise-action@dba1968...e6a8b39)

Updates `actions/cache` from 5.0.5 to 6.1.0
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@27d5ce7...55cc834)

Updates `codecov/codecov-action` from 6.0.0 to 7.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@57e3a13...fb8b358)

Updates `aws-actions/configure-aws-credentials` from 6.2.0 to 6.2.1
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@e7f100c...254c19b)

Updates `github/issue-metrics` from 4.2.7 to 4.2.8
- [Release notes](https://github.com/github/issue-metrics/releases)
- [Commits](github-community-projects/issue-metrics@1e38d5e...44173f9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: jdx/mise-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-actions
- dependency-name: actions/cache
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-actions
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 6.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
- dependency-name: github/issue-metrics
  dependency-version: 4.2.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 4, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 4, 2026 06:14
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 4, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants