deps(actions): bump the github-actions group with 5 updates#3
Closed
dependabot[bot] wants to merge 15 commits intomainfrom
Closed
deps(actions): bump the github-actions group with 5 updates#3dependabot[bot] wants to merge 15 commits intomainfrom
dependabot[bot] wants to merge 15 commits intomainfrom
Conversation
Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action), [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) and [actions/stale](https://github.com/actions/stale). Updates `actions/checkout` from 4 to 6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.1">https://github.com/actions/checkout/compare/v4...v4.3.1</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a> Clarify v6 README (<a href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li> <li><a href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a> Add worktree support for persist-credentials includeIf (<a href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li> <li><a href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a> Update all references from v5 and v4 to v6 (<a href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v6">compare view</a></li> </ul> </details> <br /> Updates `mozilla-actions/sccache-action` from 0.0.6 to 0.0.9 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/mozilla-actions/sccache-action/releases">mozilla-actions/sccache-action's releases</a>.</em></p> <blockquote> <h2>v0.0.9</h2> <h2>What's Changed</h2> <ul> <li>prepare release 0.0.9 + force github action 2 by <a href="https://github.com/sylvestre"><code>@sylvestre</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/192">Mozilla-Actions/sccache-action#192</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Mozilla-Actions/sccache-action/compare/v0.0.8...v0.0.9">https://github.com/Mozilla-Actions/sccache-action/compare/v0.0.8...v0.0.9</a></p> <h2>v0.0.8</h2> <h2>What's Changed</h2> <ul> <li>adjust the GHA changes and prepare release 0.0.8 by <a href="https://github.com/sylvestre"><code>@sylvestre</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/190">Mozilla-Actions/sccache-action#190</a> Fixes: <a href="https://redirect.github.com/mozilla/sccache/issues/2351">mozilla/sccache#2351</a> Please update quickly!</li> </ul> <h2>Dependencies</h2> <ul> <li>Bump prettier from 3.3.3 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/174">Mozilla-Actions/sccache-action#174</a></li> <li>Bump undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/176">Mozilla-Actions/sccache-action#176</a></li> <li>Bump eslint-plugin-jest from 28.9.0 to 28.11.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/178">Mozilla-Actions/sccache-action#178</a></li> <li>Bump <code>@types/node</code> from 22.10.0 to 22.13.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/179">Mozilla-Actions/sccache-action#179</a></li> <li>Bump <code>@octokit/endpoint</code> from 9.0.5 to 9.0.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/181">Mozilla-Actions/sccache-action#181</a></li> <li>Bump <code>@octokit/request</code> from 8.4.0 to 8.4.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/182">Mozilla-Actions/sccache-action#182</a></li> <li>Bump <code>@octokit/request-error</code> from 5.1.0 to 5.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/180">Mozilla-Actions/sccache-action#180</a></li> <li>Bump <code>@octokit/plugin-paginate-rest</code> from 9.2.1 to 9.2.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/184">Mozilla-Actions/sccache-action#184</a></li> <li>Bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/188">Mozilla-Actions/sccache-action#188</a></li> <li>Bump <code>@actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/185">Mozilla-Actions/sccache-action#185</a></li> <li>Bump ts-jest from 29.2.5 to 29.2.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/186">Mozilla-Actions/sccache-action#186</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/Mozilla-Actions/sccache-action/compare/v0.0.7...v0.0.8">https://github.com/Mozilla-Actions/sccache-action/compare/v0.0.7...v0.0.8</a></p> <h2>v0.0.7</h2> <h2>What's Changed</h2> <ul> <li>Add arm support by <a href="https://github.com/jdygert-spok"><code>@jdygert-spok</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/159">Mozilla-Actions/sccache-action#159</a></li> <li>add <code>disable_annotations</code> options to disable stats report by <a href="https://github.com/trim21"><code>@trim21</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/162">Mozilla-Actions/sccache-action#162</a></li> <li>remove action version from example by <a href="https://github.com/trim21"><code>@trim21</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/166">Mozilla-Actions/sccache-action#166</a></li> <li>0.0.7 by <a href="https://github.com/sylvestre"><code>@sylvestre</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/172">Mozilla-Actions/sccache-action#172</a></li> </ul> <h2>Dependencies</h2> <ul> <li>Bump <code>@types/jest</code> from 29.5.12 to 29.5.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/157">Mozilla-Actions/sccache-action#157</a></li> <li>Bump eslint-plugin-import from 2.29.1 to 2.31.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/154">Mozilla-Actions/sccache-action#154</a></li> <li>Bump eslint-plugin-jest from 28.6.0 to 28.9.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/165">Mozilla-Actions/sccache-action#165</a></li> <li>Bump <code>@types/node</code> from 20.14.11 to 22.10.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/163">Mozilla-Actions/sccache-action#163</a></li> <li>Bump <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/167">Mozilla-Actions/sccache-action#167</a></li> <li>Bump <code>@actions/core</code> from 1.10.1 to 1.11.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/169">Mozilla-Actions/sccache-action#169</a></li> <li>Bump typescript from 5.6.2 to 5.7.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/170">Mozilla-Actions/sccache-action#170</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/jdygert-spok"><code>@jdygert-spok</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/159">Mozilla-Actions/sccache-action#159</a></li> <li><a href="https://github.com/trim21"><code>@trim21</code></a> made their first contribution in <a href="https://redirect.github.com/Mozilla-Actions/sccache-action/pull/162">Mozilla-Actions/sccache-action#162</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/7d986dd989559c6ecdb630a3fd2557667be217ad"><code>7d986dd</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/192">#192</a> from sylvestre/release</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/c3f03b40d2055dd650b926ee007f7f7a75747e32"><code>c3f03b4</code></a> prepare release 0.0.9</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/213d335d8b5ae205aba7572c27ef18ecc8376afc"><code>213d335</code></a> Force version v2 of github action.</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/65101d47ea8028ed0c98a1cdea8dd9182e9b5133"><code>65101d4</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/190">#190</a> from sylvestre/release</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/784917c172b1ea475345a831714149ee3569ca55"><code>784917c</code></a> readme: improve the wording</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/1220c18210b8f4dfe68b808e9714092e89f33427"><code>1220c18</code></a> npm run build</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/33f5b948b5f8786005615553df53c4c55c17cb65"><code>33f5b94</code></a> prepare version 0.0.8</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/8bd7e91bd39d92cd2d69f5d8cf1c32d74f2a5ca4"><code>8bd7e91</code></a> gha: adjust the variable for deprecation</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/a2b43af3c6fe8b547ce1b77f31457686d67dcfcb"><code>a2b43af</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/186">#186</a> from Mozilla-Actions/dependabot/npm_and_yarn/ts-jest-...</li> <li><a href="https://github.com/Mozilla-Actions/sccache-action/commit/a675e5f63704305fb6828c1068b14c28a8d08141"><code>a675e5f</code></a> Merge pull request <a href="https://redirect.github.com/mozilla-actions/sccache-action/issues/185">#185</a> from Mozilla-Actions/dependabot/npm_and_yarn/actions/...</li> <li>Additional commits viewable in <a href="https://github.com/mozilla-actions/sccache-action/compare/v0.0.6...v0.0.9">compare view</a></li> </ul> </details> <br /> Updates `EmbarkStudios/cargo-deny-action` from 1 to 2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/embarkstudios/cargo-deny-action/releases">EmbarkStudios/cargo-deny-action's releases</a>.</em></p> <blockquote> <h2>Release 2.0.14 - cargo-deny 0.18.6</h2> <h2><a href="https://github.com/EmbarkStudios/cargo-deny/releases/tag/0.18.5">0.18.5</a></h2> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/789">PR#789</a> changed it so that release binaries are now built with LTO.</li> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/790">PR#790</a> and <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/794">PR#794</a> updated various crates.</li> </ul> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/790">PR#790</a> added <a href="https://sarifweb.azurewebsites.net/">SARIF</a> as an output format, usable via <code>--format sarif</code>. The current output for this format is experimental and may change in future updates.</li> </ul> <h2><a href="https://github.com/EmbarkStudios/cargo-deny/releases/tag/0.18.6">0.18.6</a></h2> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/805">PR#805</a> updated <code>rustsec</code> to 0.31, resolving <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/issues/804">#804</a>.</li> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/810">PR#810</a> resolved <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/issues/809">#809</a> by printing the crate name and version when its manifest does not contain a <code>license</code> expression.</li> </ul> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/807">PR#807</a> added the <code>unused-license-exception</code> option to configure the lint level, resolving <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/issues/806">#806</a>.</li> </ul> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/808">PR#808</a> updated <code>gix</code> to 0.75.</li> </ul> <h2>Release 2.0.13 - cargo-deny 0.18.4</h2> <h3>Added</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/779">PR#779</a> added the <code>--metadata-path</code> argument to use a cargo metadata JSON file instead of calling cargo metadata, resolving <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/issues/777">#777</a>.</li> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/782">PR#782</a> added <code>sources.unused-allow-source</code> to allow configuration of the lint level when a source is allowed but not used by any crate in the graph, closing <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/issues/781">#781</a>.</li> </ul> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/786">PR#786</a> changed the license check output. <code>/</code> is no longer corrected to <code>OR</code>, and if the license expression is found in the package's manifest, that span is used in diagnostic messages instead of the synthesized manifest.</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/786">PR#786</a> resolved <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/issues/784">#784</a> by updating <code>spdx</code> to a new version that forces all GNU licenses to be exactly equal when comparing license expressions to licensee expressions, which is incredibly pedantic, but means the license comparison is entirely in the hands of the user so that I no longer have to deal with GNU licenses.</li> </ul> <h2>Release 2.0.12 - cargo-deny 0.18.3</h2> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/773">PR#773</a> changed cargo-deny's duplicate detection to automatically ignore versions whose only dependent is another version of the same crate.</li> </ul> <h2>Release 2.0.9 - cargo-deny 0.18.0</h2> <ul> <li>d8395c1 removed the rustup update.</li> </ul> <h2>Release 2.0.7 - cargo-deny 0.18.0</h2> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny-action/pull/92">PR#92</a> fixed an issue introduced by the latest rustup release.</li> </ul> <h2>Release 2.0.6 - cargo-deny 0.18.0</h2> <h3>Changed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/746">PR#746</a> changed the directory naming of advisory databases, <a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/745">again</a>, so the name uses the last path component and a different, but also stable, hashing algorithm. Eg. the default <code>https://github.com/rustsec/advisory-db</code> will now be placed in <code>$CARGO_HOME/advisory-dbs/advisory-db-3157b0e258782691</code>.</li> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/746">PR#746</a> changed the MSRV to 1.85.0 and uses edition 2024.</li> </ul> <h3>Fixed</h3> <ul> <li><a href="https://redirect.github.com/EmbarkStudios/cargo-deny/pull/746">PR#746</a> fixes an issue when using cargo 1.85.0 where source urls were not being properly assigned to crates.io due to the constant being used no longer matching the new path used in cargo 1.85.0 causing eg. workspace dependency checks to fail.</li> </ul> <h2>Release 2.0.5 - cargo-deny 0.17.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/76cd80eb775d7bbbd2d80292136d74d39e1b4918"><code>76cd80e</code></a> Bump to 0.18.6</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/f2ba7abc2abebaf185c833c3961145a3c275caad"><code>f2ba7ab</code></a> Bump to 0.18.4</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/30f817c6f72275c6d54dc744fbca09ebc958599f"><code>30f817c</code></a> Bump to 0.18.3</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/6e6dcaa32fbf6bd330c20bc0068f950de9d85f73"><code>6e6dcaa</code></a> Add Defguard to "repositories using this action" (<a href="https://redirect.github.com/embarkstudios/cargo-deny-action/issues/100">#100</a>)</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/34899fc7ba81ca6268d5947a7a16b4649013fea1"><code>34899fc</code></a> Bump to 0.18.2</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/4de59db63a066737e557c2c4dd3d1f70206de781"><code>4de59db</code></a> Workaround rustup 1.28 (<a href="https://redirect.github.com/embarkstudios/cargo-deny-action/issues/96">#96</a>)</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/d8395c1c8c9df74d968a3bcbba5533e396ff43cf"><code>d8395c1</code></a> Use rustup from base image</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/55a198ad5e9a07759beeae4e572e50e5af91813f"><code>55a198a</code></a> Pin to image hash (<a href="https://redirect.github.com/embarkstudios/cargo-deny-action/issues/93">#93</a>)</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/8d73959fce1cdc8989f23fdf03bec6ae6a6576ef"><code>8d73959</code></a> Install active toolchain by default if rust-version is not passed (<a href="https://redirect.github.com/embarkstudios/cargo-deny-action/issues/92">#92</a>)</li> <li><a href="https://github.com/EmbarkStudios/cargo-deny-action/commit/25f8f6f154ebd7f0016835b722e879e1967feab5"><code>25f8f6f</code></a> Fix CI</li> <li>Additional commits viewable in <a href="https://github.com/embarkstudios/cargo-deny-action/compare/v1...v2">compare view</a></li> </ul> </details> <br /> Updates `actions/stale` from 9 to 10 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/releases">actions/stale's releases</a>.</em></p> <blockquote> <h2>v10.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Upgrade to node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1279">actions/stale#1279</a> Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></li> </ul> <h3>Enhancement</h3> <ul> <li>Introducing sort-by option by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1254">actions/stale#1254</a></li> </ul> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1186">actions/stale#1186</a></li> <li>Upgrade undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1201">actions/stale#1201</a></li> <li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1226">actions/stale#1226</a></li> <li>Upgrade <code>@action/cache</code> from 4.0.2 to 4.0.3 by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1233">actions/stale#1233</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1251">actions/stale#1251</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1277">actions/stale#1277</a></li> </ul> <h3>Documentation changes</h3> <ul> <li>Changelog update for recent releases by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1224">actions/stale#1224</a></li> <li>Permissions update in Readme by <a href="https://github.com/ghadimir"><code>@ghadimir</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1248">actions/stale#1248</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1224">actions/stale#1224</a></li> <li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1248">actions/stale#1248</a></li> <li><a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1277">actions/stale#1277</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1279">actions/stale#1279</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v9...v10.0.0">https://github.com/actions/stale/compare/v9...v10.0.0</a></p> <h2>v9.1.0</h2> <h2>What's Changed</h2> <ul> <li>Documentation update by <a href="https://github.com/Marukome0743"><code>@Marukome0743</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1116">actions/stale#1116</a></li> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1179">actions/stale#1179</a></li> <li>Update undici from 5.28.2 to 5.28.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1150">actions/stale#1150</a></li> <li>Update actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1091">actions/stale#1091</a></li> <li>Update actions/publish-action from 0.2.2 to 0.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1147">actions/stale#1147</a></li> <li>Update ts-jest from 29.1.1 to 29.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1175">actions/stale#1175</a></li> <li>Update <code>@actions/core</code> from 1.10.1 to 1.11.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1191">actions/stale#1191</a></li> <li>Update <code>@types/jest</code> from 29.5.11 to 29.5.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1193">actions/stale#1193</a></li> <li>Update <code>@actions/cache</code> from 3.2.2 to 4.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1194">actions/stale#1194</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Marukome0743"><code>@Marukome0743</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1116">actions/stale#1116</a></li> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/stale/pull/1179">actions/stale#1179</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/stale/compare/v9...v9.1.0">https://github.com/actions/stale/compare/v9...v9.1.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/stale/blob/main/CHANGELOG.md">actions/stale's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h1>[10.1.0]</h1> <h2>What's Changed</h2> <ul> <li>Add only-issue-types option to filter issues by type by <a href="https://github.com/Bibo-Joshi"><code>@Bibo-Joshi</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1255">actions/stale#1255</a></li> </ul> <h1>[10.0.0]</h1> <h2>What's Changed</h2> <h2>Breaking Changes</h2> <ul> <li>Upgrade to node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1279">actions/stale#1279</a> Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></li> </ul> <h2>Enhancement</h2> <ul> <li>Introducing sort-by option by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1254">actions/stale#1254</a></li> </ul> <h2>Dependency Upgrades</h2> <ul> <li>Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1186">actions/stale#1186</a></li> <li>Upgrade undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1201">actions/stale#1201</a></li> <li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a href="https://github.com/aparnajyothi-y"><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1226">actions/stale#1226</a></li> <li>Upgrade <code>@action/cache</code> from 4.0.2 to 4.0.3 by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1233">actions/stale#1233</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/stale/pull/1251">actions/stale#1251</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad"><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1277">actions/stale#1277</a></li> </ul> <h2>Documentation changes</h2> <ul> <li>Changelog update for recent releases by <a href="https://github.com/suyashgaonkar"><code>@suyashgaonkar</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1224">actions/stale#1224</a></li> <li>Permissions update in Readme by <a href="https://github.com/ghadimir"><code>@ghadimir</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1248">actions/stale#1248</a></li> </ul> <h1>[9.1.0]</h1> <h2>What's Changed</h2> <ul> <li>Documentation update by <a href="https://github.com/Marukome0743"><code>@Marukome0743</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1116">actions/stale#1116</a></li> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@Jcambass</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1179">actions/stale#1179</a></li> <li>Update undici from 5.28.2 to 5.28.4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1150">actions/stale#1150</a></li> <li>Update actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1091">actions/stale#1091</a></li> <li>Update actions/publish-action from 0.2.2 to 0.3.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1147">actions/stale#1147</a></li> <li>Update ts-jest from 29.1.1 to 29.2.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1175">actions/stale#1175</a></li> <li>Update <code>@actions/core</code> from 1.10.1 to 1.11.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1191">actions/stale#1191</a></li> <li>Update <code>@types/jest</code> from 29.5.11 to 29.5.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1193">actions/stale#1193</a></li> <li>Update <code>@actions/cache</code> from 3.2.2 to 4.0.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/stale/pull/1194">actions/stale#1194</a></li> </ul> <h1>[9.0.0]</h1> <h2>Breaking Changes</h2> <ol> <li>Action is now stateful: If the action ends because of <a href="https://github.com/actions/stale#operations-per-run">operations-per-run</a> then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.</li> <li>Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.</li> </ol> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/stale/commit/997185467fa4f803885201cee163a9f38240193d"><code>9971854</code></a> build(deps): bump actions/checkout from 4 to 6 (<a href="https://redirect.github.com/actions/stale/issues/1306">#1306</a>)</li> <li><a href="https://github.com/actions/stale/commit/5611b9defa6b7799a950489b00163db69f7a3ece"><code>5611b9d</code></a> build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/stale/issues/1291">#1291</a>)</li> <li><a href="https://github.com/actions/stale/commit/fad0de84e50d1aba7b0236cdaf0ea98a43286849"><code>fad0de8</code></a> Improves error handling when rate limiting is disabled on GHES. (<a href="https://redirect.github.com/actions/stale/issues/1300">#1300</a>)</li> <li><a href="https://github.com/actions/stale/commit/39bea7de61dd70ce4705a976f904f33d5e1e0f49"><code>39bea7d</code></a> Add Missing Input Reading for <code>only-issue-types</code> (<a href="https://redirect.github.com/actions/stale/issues/1298">#1298</a>)</li> <li><a href="https://github.com/actions/stale/commit/e46bbabb3ede15841d25946157759558dd16306e"><code>e46bbab</code></a> build(deps-dev): bump <code>@types/node</code> from 20.10.3 to 24.2.0 and document breakin...</li> <li><a href="https://github.com/actions/stale/commit/65d1d4804d3060875fff9f9fa8a49e27f71ce7f0"><code>65d1d48</code></a> build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (<a href="https://redirect.github.com/actions/stale/issues/1276">#1276</a>)</li> <li><a href="https://github.com/actions/stale/commit/5f858e3efba33a5ca4407a664cc011ad407f2008"><code>5f858e3</code></a> Add <code>only-issue-types</code> option to filter issues by type (<a href="https://redirect.github.com/actions/stale/issues/1255">#1255</a>)</li> <li><a href="https://github.com/actions/stale/commit/3a9db7e6a41a89f618792c92c0e97cc736e1b13f"><code>3a9db7e</code></a> Upgrade to node 24 (<a href="https://redirect.github.com/actions/stale/issues/1279">#1279</a>)</li> <li><a href="https://github.com/actions/stale/commit/8f717f0dfca33b78d3c933452e42558e4456c8e7"><code>8f717f0</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/stale/issues/1277">#1277</a>)</li> <li><a href="https://github.com/actions/stale/commit/a92fd57ffeff1a7d5e9f90394c229c1cebb74321"><code>a92fd57</code></a> build(deps): bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/stale/issues/1251">#1251</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/stale/compare/v9...v10">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updates the requirements on [rmcp](https://github.com/modelcontextprotocol/rust-sdk) and [reqwest](https://github.com/seanmonstar/reqwest) to permit the latest version. Updates `rmcp` to 0.12.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/modelcontextprotocol/rust-sdk/releases">rmcp's releases</a>.</em></p> <blockquote> <h2>rmcp-macros-v0.12.0</h2> <h3>Other</h3> <ul> <li>merge cached_schema_for_type into schema_for_type (<a href="https://redirect.github.com/modelcontextprotocol/rust-sdk/pull/581">#581</a>)</li> <li>Add NexusCore MCP to project list (<a href="https://redirect.github.com/modelcontextprotocol/rust-sdk/pull/573">#573</a>)</li> <li><em>(deps)</em> update darling requirement from 0.21 to 0.23 (<a href="https://redirect.github.com/modelcontextprotocol/rust-sdk/pull/574">#574</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/modelcontextprotocol/rust-sdk/commits/rmcp-v0.12.0">compare view</a></li> </ul> </details> <br /> Updates `reqwest` to 0.12.28 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/releases">reqwest's releases</a>.</em></p> <blockquote> <h2>v0.12.28</h2> <h2>What's Changed</h2> <ul> <li>fix: correctly import TokioIo on Windows by <a href="https://github.com/seanmonstar"><code>@seanmonstar</code></a> in <a href="https://redirect.github.com/seanmonstar/reqwest/pull/2896">seanmonstar/reqwest#2896</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.27...v0.12.28">https://github.com/seanmonstar/reqwest/compare/v0.12.27...v0.12.28</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/seanmonstar/reqwest/blob/master/CHANGELOG.md">reqwest's changelog</a>.</em></p> <blockquote> <h2>v0.12.28</h2> <ul> <li>Fix compiling on Windows if TLS and SOCKS features are not enabled.</li> </ul> <h2>v0.12.27</h2> <ul> <li>Add <code>ClientBuilder::windows_named_pipe(name)</code> option that will force all requests over that Windows Named Piper.</li> </ul> <h2>v0.12.26</h2> <ul> <li>Fix sending <code>Accept-Encoding</code> header only with values configured with reqwest, regardless of underlying tower-http config.</li> </ul> <h2>v0.12.25</h2> <ul> <li>Add <code>Error::is_upgrade()</code> to determine if the error was from an HTTP upgrade.</li> <li>Fix sending <code>Proxy-Authorization</code> if only username is configured.</li> <li>Fix sending <code>Proxy-Authorization</code> to HTTPS proxies when the target is HTTP.</li> <li>Refactor internal decompression handling to use tower-http.</li> </ul> <h2>v0.12.24</h2> <ul> <li>Refactor cookie handling to an internal middleware.</li> <li>Refactor internal random generator.</li> <li>Refactor base64 encoding to reduce a copy.</li> <li>Documentation updates.</li> </ul> <h2>v0.12.23</h2> <ul> <li>Add <code>ClientBuilder::unix_socket(path)</code> option that will force all requests over that Unix Domain Socket.</li> <li>Add <code>ClientBuilder::retry(policy)</code> and <code>reqwest::retry::Builder</code> to configure automatic retries.</li> <li>Add <code>ClientBuilder::dns_resolver2()</code> with more ergonomic argument bounds, allowing more resolver implementations.</li> <li>Add <code>http3_*</code> options to <code>blocking::ClientBuilder</code>.</li> <li>Fix default TCP timeout values to enabled and faster.</li> <li>Fix SOCKS proxies to default to port 1080</li> <li>(wasm) Add cache methods to <code>RequestBuilder</code>.</li> </ul> <h2>v0.12.22</h2> <ul> <li>Fix socks proxies when resolving IPv6 destinations.</li> </ul> <h2>v0.12.21</h2> <ul> <li>Fix socks proxy to use <code>socks4a://</code> instead of <code>socks4h://</code>.</li> <li>Fix <code>Error::is_timeout()</code> to check for hyper and IO timeouts too.</li> <li>Fix request <code>Error</code> to again include URLs when possible.</li> <li>Fix socks connect error to include more context.</li> <li>(wasm) implement <code>Default</code> for <code>Body</code>.</li> </ul> <h2>v0.12.20</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/seanmonstar/reqwest/commit/d97859910c357827ad5993d37ce750ad595f4fff"><code>d978599</code></a> v0.12.28</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/ef2768a823b28bf00e23e218e034be035b08d770"><code>ef2768a</code></a> fix: correctly import TokioIo on Windows (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2896">#2896</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/1bf6441b68c3e908d2588a3bb4f2043ceed737bf"><code>1bf6441</code></a> v0.12.27</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/4967b1b4e25c2e9cc9f4f2cb0f4e4181f13366ba"><code>4967b1b</code></a> feat: add windows_named_pipe() option to client builder (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2789">#2789</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/ef5b239cbaa5e93607415bcf943c8f571da13e42"><code>ef5b239</code></a> chore: Use http_body_util::BodyDataStream (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2892">#2892</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/a8100047976e138483e2128ee0ea004931ceead0"><code>a810004</code></a> chore: Disable unused tokio-util codec feature (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2893">#2893</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/01f03a4c01fb13e2262a513ed21e2b84b5186f46"><code>01f03a4</code></a> v0.12.26</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/e908f57f67d95a814466fc7422655478b983894c"><code>e908f57</code></a> fix(http3): correct compression defaults (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2890">#2890</a>)</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/509c9048b426f93bac2f643b1538b1d70e0dc830"><code>509c904</code></a> fix: disable default compression from tower-http if not enabled in reqwest (#...</li> <li><a href="https://github.com/seanmonstar/reqwest/commit/896aaeab612865bb37bc48d18faa53d7b65036f1"><code>896aaea</code></a> deps: update cookie_store to 0.22 (<a href="https://redirect.github.com/seanmonstar/reqwest/issues/2886">#2886</a>)</li> <li>Additional commits viewable in <a href="https://github.com/seanmonstar/reqwest/compare/v0.12.0...v0.12.28">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Add missing 'toolchain: stable' to security audit job - Remove --locked flags from cargo commands to allow lockfile generation - This fixes CI failures due to Cargo.lock mismatch
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Add deny.toml with: - Advisory acknowledgments for transitive dependencies - Apache-2.0 compatible license list - Banned deprecated crates Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Changes: - cargo-audit: Remove --deny warnings (handled by cargo-deny) - gitleaks: Add continue-on-error for org repos without license - Add helpful message about license requirement Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Bumps the github-actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.1` | | [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) | `676c0e67b665684f17941acf5cc3af83bcf10228` | `9e326ebed976843c9932b3aa0e021c6f50310eb4` | | [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) | `ef301417264190a1eb9f26fcf171642070085c5b` | `3f4a782664881cf5725d0ffd23969fcce89fd868` | | [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `dcedce43c6f43de0b836d1fe38946645c9c638dc` | `ff98106e4c7b2bc287b24eaf42907196329070c7` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `46a3c492319c890177366b6ef46d6b4f89743ed4` | `3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261` | Updates `actions/checkout` from 4.3.1 to 6.0.1 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@34e1148...8e8c483) Updates `mozilla-actions/sccache-action` from 676c0e67b665684f17941acf5cc3af83bcf10228 to 9e326ebed976843c9932b3aa0e021c6f50310eb4 - [Release notes](https://github.com/mozilla-actions/sccache-action/releases) - [Commits](Mozilla-Actions/sccache-action@676c0e6...9e326eb) Updates `EmbarkStudios/cargo-deny-action` from ef301417264190a1eb9f26fcf171642070085c5b to 3f4a782664881cf5725d0ffd23969fcce89fd868 - [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases) - [Commits](EmbarkStudios/cargo-deny-action@ef30141...3f4a782) Updates `gitleaks/gitleaks-action` from dcedce43c6f43de0b836d1fe38946645c9c638dc to ff98106e4c7b2bc287b24eaf42907196329070c7 - [Release notes](https://github.com/gitleaks/gitleaks-action/releases) - [Commits](gitleaks/gitleaks-action@dcedce4...ff98106) Updates `actions/dependency-review-action` from 46a3c492319c890177366b6ef46d6b4f89743ed4 to 3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@46a3c49...3c4e3dc) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: mozilla-actions/sccache-action dependency-version: 9e326ebed976843c9932b3aa0e021c6f50310eb4 dependency-type: direct:production dependency-group: github-actions - dependency-name: EmbarkStudios/cargo-deny-action dependency-version: 3f4a782664881cf5725d0ffd23969fcce89fd868 dependency-type: direct:production dependency-group: github-actions - dependency-name: gitleaks/gitleaks-action dependency-version: ff98106e4c7b2bc287b24eaf42907196329070c7 dependency-type: direct:production dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/github-actions-c0b98546bb
branch
from
76d0e81 to
c8531c0
Compare
Contributor
Author
|
Looks like these dependencies are updatable in another way, so this is no longer needed. |
auto-merge was automatically disabled
January 9, 2026 07:31
Pull request was closed
dependabot
bot
deleted the
dependabot/github_actions/github-actions-c0b98546bb
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the github-actions group with 5 updates:
4.3.16.0.1676c0e67b665684f17941acf5cc3af83bcf102289e326ebed976843c9932b3aa0e021c6f50310eb4ef301417264190a1eb9f26fcf171642070085c5b3f4a782664881cf5725d0ffd23969fcce89fd868dcedce43c6f43de0b836d1fe38946645c9c638dcff98106e4c7b2bc287b24eaf42907196329070c746a3c492319c890177366b6ef46d6b4f89743ed43c4e3dcb1aa7874d2c16be7d79418e9b7efd6261Updates
actions/checkoutfrom 4.3.1 to 6.0.1Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
8e8c483Clarify v6 README (#2328)033fa0dAdd worktree support for persist-credentials includeIf (#2327)c2d88d3Update all references from v5 and v4 to v6 (#2314)1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)08c6903Prepare v5.0.0 release (#2238)9f26565Update actions checkout to use node 24 (#2226)Updates
mozilla-actions/sccache-actionfrom 676c0e67b665684f17941acf5cc3af83bcf10228 to 9e326ebed976843c9932b3aa0e021c6f50310eb4Commits
Updates
EmbarkStudios/cargo-deny-actionfrom ef301417264190a1eb9f26fcf171642070085c5b to 3f4a782664881cf5725d0ffd23969fcce89fd868Commits
Updates
gitleaks/gitleaks-actionfrom dcedce43c6f43de0b836d1fe38946645c9c638dc to ff98106e4c7b2bc287b24eaf42907196329070c7Commits
Updates
actions/dependency-review-actionfrom 46a3c492319c890177366b6ef46d6b4f89743ed4 to 3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261Commits
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions