Bump the github-actions group with 5 updates #217

dependabot · 2024-02-26T11:14:31Z

Bumps the github-actions group with 5 updates:

Package	From	To
actions/checkout	`3`	`4`
actions/setup-python	`4`	`5`
actions/setup-node	`3`	`4`
pre-commit/action	`3.0.0`	`3.0.1`
codecov/codecov-action	`3`	`4`

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

Update default runtime to node20 by @takost in actions/checkout#1436

Support fetching without the --progress option by @simonbaird in actions/checkout#1067

Release 4.0.0 by @takost in actions/checkout#1447

New Contributors

@takost made their first contribution in actions/checkout#1436

@simonbaird made their first contribution in actions/checkout#1067

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377

Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579

Release 3.6.0 by @luketomlinson in actions/checkout#1437

New Contributors

@RobertWieczoreck made their first contribution in actions/checkout#579

@luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196

Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287

Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369

Release v3.5.3 by @TingluoHuang in actions/checkout#1376

New Contributors

@megamanics made their first contribution in actions/checkout#1196

@DimitriPapadopoulos made their first contribution in actions/checkout#1287

@dfdez made their first contribution in actions/checkout#1369

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246

New Contributors

@BrettDong made their first contribution in actions/checkout#1246

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.0

Add support for partial checkout filters

v4.0.0

Support fetching without the --progress option

Update to node20

v3.6.0

Fix: Mark test scripts with Bash'isms to be run via Bash

Add option to fetch tags even if fetch-depth > 0

v3.5.3

Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in

Fix typos found by codespell

Add support for sparse checkouts

v3.5.2

Fix api endpoint for GHES

v3.5.1

Fix slow checkout on Windows

v3.5.0

Add new public key for known_hosts

v3.4.0

Upgrade codeql actions to v2

Upgrade dependencies

Upgrade @actions/io

v3.3.0

Implement branch list using callbacks from exec function

Add in explicit reference to private checkout options

[Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

Add GitHub Action to perform release

Fix status badge

Replace datadog/squid with ubuntu/squid Docker image

Wrap pipeline commands for submoduleForeach in quotes

Update @actions/io to 1.1.2

Upgrading version to 3.2.0

v3.1.0

Use @actions/core saveState and getState

Add github-server-url input

v3.0.2

... (truncated)

Commits

b4ffde6 Link to release page from what's new section (#1514)
8530928 Correct link to GitHub Docs (#1511)
7cdaf2f Update CODEOWNERS to Launch team (#1510)
8ade135 Prepare 4.1.0 release (#1496)
c533a0a Add support for partial checkout filters (#1396)
72f2cec Update README.md for V4 (#1452)
3df4ab1 Release 4.0.0 (#1447)
8b5e8b7 Support fetching without the --progress option (#1067)
97a652b Update default runtime to node20 (#1436)
See full diff in compare view

Updates actions/setup-python from 4 to 5

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py
Besides, the release contains such changes as:

Trim python version when reading from file by @FerranPares in actions/setup-python#628

Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724

Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723

Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743

advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729

Examples now use checkout@v4 by @simonw in actions/setup-python#738

Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761

New Contributors

@FerranPares made their first contribution in actions/setup-python#628

@timfel made their first contribution in actions/setup-python#694

@jeffwidman made their first contribution in actions/setup-python#724

Full Changelog: actions/setup-python@v4...v4.8.0

v4.7.1

What's Changed

Bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in actions/setup-python#702

Add range validation for toml files by @dmitry-shibanov in actions/setup-python#726

Full Changelog: actions/setup-python@v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).
      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table> 

... (truncated)

Commits

0a5c615 Update action to node20 (#772)
0ae5836 Add example of GraalPy to docs (#773)
b64ffca update actions/checkout to v4 (#761)
8d28961 Examples now use checkout@v4 (#738)
7bc6abb advanced-usage.md: Encourage the use actions/checkout@v4 (#729)
e8111ce Bump @babel/traverse from 7.9.0 to 7.23.2 (#743)
a00ea43 add fix for graalpy ci (#741)
8635b1c Change deprecation comment to past tense (#723)
f6cc428 Use non-deprecated versions in examples (#724)
5f2af21 Add GraalPy support (#694)
Additional commits viewable in compare view

Updates actions/setup-node from 3 to 4

Release notes

Sourced from actions/setup-node's releases.

v4.0.0

What's Changed

In scope of this release we changed version of node runtime for action from node16 to node20 and updated dependencies in actions/setup-node#866

Besides, release contains such changes as:

Upgrade actions/checkout to v4 by @gmembre-zenika in actions/setup-node#868

Update actions/checkout for documentation and yaml by @dmitry-shibanov in actions/setup-node#876

New Contributors

@gmembre-zenika made their first contribution in actions/setup-node#868

Full Changelog: actions/setup-node@v3...v4.0.0

v3.8.2

What's Changed

Update semver by @dmitry-shibanov in actions/setup-node#861

Update temp directory creation by @nikolai-laevskii in actions/setup-node#859

Bump @babel/traverse from 7.15.4 to 7.23.2 by @dependabot in actions/setup-node#870

Add notice about binaries not being updated yet by @nikolai-laevskii in actions/setup-node#872

Update toolkit cache and core by @dmitry-shibanov and @seongwon-privatenote in actions/setup-node#875

Full Changelog: actions/setup-node@v3...v3.8.2

v3.8.1

What's Changed

In scope of this release, the filter was removed within the cache-save step by @dmitry-shibanov in actions/setup-node#831. It is filtered and checked in the toolkit/cache library.

Full Changelog: actions/setup-node@v3...v3.8.1

v3.8.0

What's Changed

Bug fixes:

Add check for existing paths by @dmitry-shibanov in actions/setup-node#803

Resolve SymbolicLink by @dmitry-shibanov in actions/setup-node#809

Change passing logic for cache input by @dmitry-shibanov in actions/setup-node#816

Fix armv7 cache issue by @louislam in actions/setup-node#794

Update check-dist workflow name by @sinchang in actions/setup-node#710

Feature implementations:

feat: handling the case where "node" is used for tool-versions file. by @xytis in actions/setup-node#812

Documentation changes:

Refer to semver package name in README.md by @olleolleolle in actions/setup-node#808

Update dependencies:

Update toolkit cache to fix zstd by @dmitry-shibanov in actions/setup-node#804

Bump tough-cookie and @azure/ms-rest-js by @dependabot in actions/setup-node#802

Bump semver from 6.1.2 to 6.3.1 by @dependabot in actions/setup-node#807

... (truncated)

Commits

60edb5d Add support for arm64 Windows (#927)
d86ebcd Add support for volta.extends (#921)
b39b52d Fix node-version-file interprets entire package.json as a version (#865)
7247617 Add package.json to node-version-file list of examples. (#879)
f3ec4ca Fix README.md (#898)
ec97f37 Add fix for cache (#917)
5ef044f Update reusable workflows to use Node.js v20 (#889)
c45882a update to setup-node@v4 in docs (#884)
ee36e8b Ignore engines check in Yarn 1 e2e-cache tests (#882)
8f152de Update actions/checkout for documentation and yaml (#876)
Additional commits viewable in compare view

Updates pre-commit/action from 3.0.0 to 3.0.1

Release notes

Sourced from pre-commit/action's releases.

pre-commit/action@v3.0.1

Misc

Update actions/cache to v4

#190 PR by @SukiCZ.

#189 issue by @bakerkj.

Commits

2c7b380 v3.0.1
8e2deeb Merge pull request #190 from SukiCZ/upgrade-action/cache-v4
0dbc303 Upgrade action/cache to v4. Fixes: #189
c7d159c Merge pull request #185 from pre-commit/asottile-patch-1
9dd4237 fix main badge
37faf8a Merge pull request #184 from pre-commit/pre-commit-ci-update-config
049686e [pre-commit.ci] pre-commit autoupdate
5f528da move back to maintenance-only
efd3bcf Merge pull request #170 from pre-commit/pre-commit-ci-update-config
df308c7 [pre-commit.ci] pre-commit autoupdate
Additional commits viewable in compare view

Updates codecov/codecov-action from 3 to 4

Release notes

Sourced from codecov/codecov-action's releases.

v4.0.0

v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.

Breaking Changes

The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.

Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.

OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our CLI download page

Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs

v3 versions and below will not have access to CLI features (e.g. global upload token, ATS).

What's Changed

build(deps): bump openpgp from 5.8.0 to 5.9.0 by @dependabot in codecov/codecov-action#985

build(deps): bump actions/checkout from 3.0.0 to 3.5.3 by @dependabot in codecov/codecov-action#1000

build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 by @dependabot in codecov/codecov-action#1006

build(deps): bump tough-cookie from 4.0.0 to 4.1.3 by @dependabot in codecov/codecov-action#1013

build(deps-dev): bump word-wrap from 1.2.3 to 1.2.4 by @dependabot in codecov/codecov-action#1024

build(deps): bump node-fetch from 3.3.1 to 3.3.2 by @dependabot in codecov/codecov-action#1031

build(deps-dev): bump @types/node from 20.1.4 to 20.4.5 by @dependabot in codecov/codecov-action#1032

build(deps): bump github/codeql-action from 1.0.26 to 2.21.2 by @dependabot in codecov/codecov-action#1033

build commit,report and upload args based on codecovcli by @dana-yaish in codecov/codecov-action#943

build(deps-dev): bump @types/node from 20.4.5 to 20.5.3 by @dependabot in codecov/codecov-action#1055

build(deps): bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in codecov/codecov-action#1051

build(deps-dev): bump @types/node from 20.5.3 to 20.5.4 by @dependabot in codecov/codecov-action#1058

chore(deps): update outdated deps by @thomasrockhu-codecov in codecov/codecov-action#1059

build(deps-dev): bump @types/node from 20.5.4 to 20.5.6 by @dependabot in codecov/codecov-action#1060

build(deps-dev): bump @typescript-eslint/parser from 6.4.1 to 6.5.0 by @dependabot in codecov/codecov-action#1065

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.4.1 to 6.5.0 by @dependabot in codecov/codecov-action#1064

build(deps): bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in codecov/codecov-action#1063

build(deps-dev): bump eslint from 8.47.0 to 8.48.0 by @dependabot in codecov/codecov-action#1061

build(deps-dev): bump @types/node from 20.5.6 to 20.5.7 by @dependabot in codecov/codecov-action#1062

build(deps): bump openpgp from 5.9.0 to 5.10.1 by @dependabot in codecov/codecov-action#1066

build(deps-dev): bump @types/node from 20.5.7 to 20.5.9 by @dependabot in codecov/codecov-action#1070

build(deps): bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in codecov/codecov-action#1069

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.5.0 to 6.6.0 by @dependabot in codecov/codecov-action#1072

Update README.md by @thomasrockhu-codecov in codecov/codecov-action#1073

build(deps-dev): bump @typescript-eslint/parser from 6.5.0 to 6.6.0 by @dependabot in codecov/codecov-action#1071

build(deps-dev): bump @vercel/ncc from 0.36.1 to 0.38.0 by @dependabot in codecov/codecov-action#1074

build(deps): bump @actions/core from 1.10.0 to 1.10.1 by @dependabot in codecov/codecov-action#1081

build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.6.0 to 6.7.0 by @dependabot in codecov/codecov-action#1080

build(deps): bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in codecov/codecov-action#1078

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in codecov/codecov-action#1077

build(deps-dev): bump @types/node from 20.5.9 to 20.6.0 by @dependabot in codecov/codecov-action#1075

build(deps-dev): bump @typescript-eslint/parser from 6.6.0 to 6.7.0 by @dependabot in codecov/codecov-action#1079

build(deps-dev): bump eslint from 8.48.0 to 8.49.0 by @dependabot in codecov/codecov-action#1076

use cli instead of node uploader by @dana-yaish in codecov/codecov-action#1068

chore(release): 4.0.0-beta.1 by @thomasrockhu-codecov in codecov/codecov-action#1084

not adding -n if empty to do-upload command by @dana-yaish in codecov/codecov-action#1085

4.0.0-beta.2 by @thomasrockhu-codecov in codecov/codecov-action#1086

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

#1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

No current support for aarch64 and alpine architectures.

Tokenless uploading is unsuported

Various arguments to the Action have been removed

3.1.4

Fixes

#967 Fix typo in README.md

#971 fix: add back in working dir

#969 fix: CLI option names for uploader

Dependencies

#970 build(deps-dev): bump @types/node from 18.15.12 to 18.16.3

#979 build(deps-dev): bump @types/node from 20.1.0 to 20.1.2

#981 build(deps-dev): bump @types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

#960 fix: allow for aarch64 build

Dependencies

#957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0

#958 build(deps): bump openpgp from 5.7.0 to 5.8.0

#959 build(deps-dev): bump @types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

#718 Update README.md

#851 Remove unsupported path_to_write_report argument

#898 codeql-analysis.yml

#901 Update README to contain correct information - inputs and negate feature

#955 fix: add in all the extra arguments for uploader

Dependencies

#819 build(deps): bump openpgp from 5.4.0 to 5.5.0

#835 build(deps): bump node-fetch from 3.2.4 to 3.2.10

#840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4

#841 build(deps): bump @actions/core from 1.9.1 to 1.10.0

#843 build(deps): bump @actions/github from 5.0.3 to 5.1.1

#869 build(deps): bump node-fetch from 3.2.10 to 3.3.0

#872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0

#879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits

0cfda1d chore(release): bump to 4.0.2 (#1302)
7d3a55e build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1286)
fe84a0b build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.21.0 to 7.0.0 (...
e12c940 Use updated syntax for GitHub Markdown notes (#1300)
ef7f8a5 build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#1298)
b8a1d6a build(deps-dev): bump @typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0 ...
6ef7ea4 build(deps-dev): bump @typescript-eslint/parser from 6.20.0 to 6.21.0 (#1271)
f62c5ee fix: working-directory input for all stages (#1272)
fdbfa4b Add link to docs on Dependabot secrets (#1260)
9855cf7 Escape pipes in table of arguments (#1265)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `4` | | [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` | | [actions/setup-node](https://github.com/actions/setup-node) | `3` | `4` | | [pre-commit/action](https://github.com/pre-commit/action) | `3.0.0` | `3.0.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` | Updates `actions/checkout` from 3 to 4 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v4) Updates `actions/setup-python` from 4 to 5 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v5) Updates `actions/setup-node` from 3 to 4 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v3...v4) Updates `pre-commit/action` from 3.0.0 to 3.0.1 - [Release notes](https://github.com/pre-commit/action/releases) - [Commits](pre-commit/action@v3.0.0...v3.0.1) Updates `codecov/codecov-action` from 3 to 4 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: pre-commit/action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 26, 2024

hramezani approved these changes Feb 26, 2024

View reviewed changes

hramezani merged commit fce7be8 into main Feb 26, 2024
14 checks passed

hramezani deleted the dependabot/github_actions/github-actions-c4c7403e8c branch February 26, 2024 11:44

cclauss mentioned this pull request Feb 26, 2024

Keep GitHub Actions up to date with GitHub's Dependabot #212

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 5 updates #217

Bump the github-actions group with 5 updates #217

dependabot bot commented on behalf of github Feb 26, 2024

Bump the github-actions group with 5 updates #217

Bump the github-actions group with 5 updates #217

Conversation

dependabot bot commented on behalf of github Feb 26, 2024

v4.0.0

What's Changed

New Contributors

v3.6.0

What's Changed

New Contributors

v3.5.3

What's Changed

New Contributors

v3.5.2

What's Changed

v3.5.1

What's Changed

New Contributors

Changelog

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.2

v5.0.0

What's Changed

v4.8.0

What's Changed

New Contributors

v4.7.1

What's Changed

v4.7.0

v4.0.0

What's Changed

New Contributors

v3.8.2

What's Changed

v3.8.1

What's Changed

v3.8.0

What's Changed

Bug fixes:

Feature implementations:

Documentation changes:

Update dependencies:

pre-commit/action@v3.0.1

Misc

v4.0.0

Breaking Changes

What's Changed

4.0.0-beta.2

Fixes

4.0.0-beta.1

Breaking Changes

3.1.4

Fixes

Dependencies

3.1.3

Fixes

Dependencies

3.1.2

Fixes

Dependencies