ci(deps): bump the github-actions group across 1 directory with 17 updates by dependabot[bot] · Pull Request #85 · inferadb/control

dependabot · 2026-05-25T13:50:57Z

Bumps the github-actions group with 17 updates in the /.github/workflows directory:

Package	From	To
step-security/harden-runner	`2.16.1`	`2.19.4`
step-security/action-gh-release	`2.6.1`	`3.0.0`
mozilla-actions/sccache-action	`0.0.9`	`0.0.10`
step-security/rust-cache	`2.8.3`	`2.9.1`
step-security/docker-login-action	`3.7.0`	`4.1.0`
docker/metadata-action	`6.0.0`	`6.1.0`
step-security/docker-build-push-action	`6.18.0`	`7.1.0`
actions/upload-artifact	`7.0.0`	`7.0.1`
step-security/action-semantic-pull-request	`6.1.1`	`6.1.2`
step-security/mise-action	`3.6.1`	`4.0.1`
taiki-e/install-action	`2.73.0`	`2.79.7`
codecov/codecov-action	`6.0.0`	`6.0.1`
step-security/paths-filter	`3.0.5`	`4.0.1`
github/codeql-action	`4.35.1`	`4.36.0`
actions/labeler	`6.0.1`	`6.1.0`
googleapis/release-please-action	`4.4.0`	`5.0.0`
actions/dependency-review-action	`4.9.0`	`5.0.0`

Updates step-security/harden-runner from 2.16.1 to 2.19.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.19.4

What's Changed

Improvements for HTTPS Monitoring for the Enterprise tier of Harden Runner

Full Changelog: step-security/harden-runner@v2.19.3...v2.19.4

v2.19.3

What's Changed

Default to audit mode when api-key missing with use-policy-store by @varunsh-coder in step-security/harden-runner#665

Full Changelog: step-security/harden-runner@v2.19.2...v2.19.3

v2.19.2

What's Changed

Update the Harden Runner agent for enterprise tier to use go 1.26 and fix minor bugs.

Full Changelog: step-security/harden-runner@v2.19.1...v2.19.2

v2.19.1

What's Changed

fix: detect ubuntu-slim runners early and bail out by @devantler in step-security/harden-runner#657

What the fix changes

Harden-Runner will detect ubuntu-slim runners and exit cleanly with an informational log message, instead of post harden runner step failing on chown: invalid user: 'undefined'.

What the fix does not do

Jobs running on ubuntu-slim will not be monitored by Harden-Runner. The agent relies on kernel-level features (that require elevated capabilities).

Per GitHub's docs on single-CPU runners: "The container for ubuntu-slim runners runs in unprivileged mode. This means that some operations requiring elevated privileges such as mounting file systems, using Docker-in-Docker, or accessing low-level kernel features are not supported." Those low-level kernel features are what the agent needs, so monitoring inside the unprivileged container is not feasible today.

For StepSecurity enterprise customers If your security posture requires that workflows are always monitored, you can block the use of ubuntu-slim via workflow run policies see the Runner Label Policy docs. This lets you enforce that jobs only run on monitored runner types.

New Contributors

@devantler made their first contribution in step-security/harden-runner#657

Full Changelog: step-security/harden-runner@v2.19.0...v2.19.1

v2.19.0

What's Changed

New Runner Support

Harden-Runner now supports Depot, Blacksmith, Namespace, and WarpBuild runners with the same egress monitoring, runtime monitoring, and policy enforcement available on GitHub-hosted runners.

Automated Incident Response for Supply Chain Attacks

Global block list: Outbound connections to known malicious domains and IPs are now blocked even in audit mode.

System-defined detection rules: Harden-Runner will trigger lockdown mode when a high risk event is detected during an active supply chain attack (for example, a process reading the memory of the runner worker process, a common technique for stealing GitHub Actions secrets).

Bug Fixes

Windows and macOS: stability and reliability fixes

... (truncated)

Commits

9af89fc Merge pull request #667 from step-security/update-agent-v1.8.6
485dce8 Update agent to v1.8.6
ab7a940 Merge pull request #665 from step-security/fix/use-policy-store-default-audit
ec41b78 Default to audit mode when api-key missing with use-policy-store
9ca718d Merge pull request #664 from step-security/update-agent-v1.8.5
1dee3df Update agent to v1.8.5
a5ad31d Merge pull request #657 from devantler/fix/ubuntu-slim-user-env
6e92856 build dist and trim ubuntu-slim message
4e0504e Merge branch 'main' into fix/ubuntu-slim-user-env
8d3c67d Release v2.19.0 (#661)
Additional commits viewable in compare view

Updates step-security/action-gh-release from 2.6.1 to 3.0.0

Release notes

Sourced from step-security/action-gh-release's releases.

v3.0.0

What's Changed

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#80

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#81

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#82

chore: Remove guarddog.yml by @anurag-stepsecurity in step-security/action-gh-release#83

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#84

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/action-gh-release#85

fix: Security updates by @github-actions[bot] in step-security/action-gh-release#87

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/action-gh-release#86

New Contributors

@anurag-stepsecurity made their first contribution in step-security/action-gh-release#83

Full Changelog: step-security/action-gh-release@v2...v3.0.0

Commits

277bfa8 Merge pull request #86 from step-security/auto-cherry-pick
fcbd57a chore: Cherry-pick conflicting changes from upstream
28e0835 fix: apply code build script
147407f release: cut v3.0.0 for Node 24 upgrade (#670)
b06017c release: cut v3.0.0 for Node 24 upgrade (#670)
7f52c03 Merge pull request #87 from step-security/npm-audit-fix
e09057e fix: apply audit fixes
38e3839 fix: apply audit fixes
30dad22 Merge pull request #85 from step-security/auto-cherry-pick
e5ef807 chore: Bump version to 2.6.2
Additional commits viewable in compare view

Updates mozilla-actions/sccache-action from 0.0.9 to 0.0.10

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.10

What's Changed

Use tar on all platforms by @brianmichel in Mozilla-Actions/sccache-action#193

Bump eslint-plugin-prettier from 5.2.3 to 5.2.5 by @dependabot[bot] in Mozilla-Actions/sccache-action#196

Bump typescript from 5.7.2 to 5.8.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#195

Bump @types/node from 22.13.0 to 22.13.17 by @dependabot[bot] in Mozilla-Actions/sccache-action#194

Bump undici from 5.28.5 to 5.29.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#204

Bump eslint-config-prettier from 9.1.0 to 10.1.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#201

Bump ts-jest from 29.2.6 to 29.3.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#200

Bump eslint-plugin-prettier from 5.2.5 to 5.5.4 by @dependabot[bot] in Mozilla-Actions/sccache-action#221

Bump eslint-config-prettier from 10.1.2 to 10.1.8 by @dependabot[bot] in Mozilla-Actions/sccache-action#214

Bump the github-actions group across 1 directory with 2 updates by @dependabot[bot] in Mozilla-Actions/sccache-action#220

Add job id to annotation title by @wetheredge in Mozilla-Actions/sccache-action#212

Bump @actions/io from 1.1.3 to 2.0.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#228

Bump eslint-plugin-import from 2.31.0 to 2.32.0 by @dependabot[bot] in Mozilla-Actions/sccache-action#227

Bump actions/setup-node from 5 to 6 in the github-actions group by @dependabot[bot] in Mozilla-Actions/sccache-action#226

Bump @actions/github from 6.0.0 to 6.0.1 by @dependabot[bot] in Mozilla-Actions/sccache-action#233

Bump minimatch by @dependabot[bot] in Mozilla-Actions/sccache-action#239

Bump actions/checkout from 5 to 6 in the github-actions group by @dependabot[bot] in Mozilla-Actions/sccache-action#232

Bump ts-jest from 29.3.2 to 29.4.6 by @dependabot[bot] in Mozilla-Actions/sccache-action#240

Bump to node24 by @cakebaker in Mozilla-Actions/sccache-action#245

Bump flatted from 3.3.1 to 3.4.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#248

Bump picomatch from 2.3.1 to 2.3.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#249

Bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in Mozilla-Actions/sccache-action#250

Fix code block formatting in README.md by @baseplate-admin in Mozilla-Actions/sccache-action#246

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in Mozilla-Actions/sccache-action#231

prepare version 0.0.10 by @sylvestre in Mozilla-Actions/sccache-action#251

New Contributors

@brianmichel made their first contribution in Mozilla-Actions/sccache-action#193

@wetheredge made their first contribution in Mozilla-Actions/sccache-action#212

@baseplate-admin made their first contribution in Mozilla-Actions/sccache-action#246

Full Changelog: Mozilla-Actions/sccache-action@v0.0.9...v0.0.10

Commits

9e7fa8a Merge pull request #251 from sylvestre/ver
3ca012d prepare version 0.0.10
7cf1643 Merge pull request #231 from Mozilla-Actions/dependabot/npm_and_yarn/js-yaml-...
b2be802 Merge pull request #246 from baseplate-admin/patch-1
84812a5 Merge pull request #250 from Mozilla-Actions/dependabot/npm_and_yarn/handleba...
4e28318 Merge pull request #249 from Mozilla-Actions/dependabot/npm_and_yarn/picomatc...
cfa813e Merge pull request #248 from Mozilla-Actions/dependabot/npm_and_yarn/flatted-...
ef3762b Merge pull request #245 from cakebaker/bump_to_node24
919bfb6 Bump handlebars from 4.7.8 to 4.7.9
167904b Bump picomatch from 2.3.1 to 2.3.2
Additional commits viewable in compare view

Updates step-security/rust-cache from 2.8.3 to 2.9.1

Release notes

Sourced from step-security/rust-cache's releases.

v2.9.1

What's Changed

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/rust-cache#280

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/rust-cache#281

fix: test vulns fixed by @Raj-StepSecurity in step-security/rust-cache#279

Full Changelog: step-security/rust-cache@v2...v2.9.1

v2.8.4

What's Changed

[StepSecurity] Apply security best practices by @stepsecurity-app[bot] in step-security/rust-cache#265

fix: Security updates by @github-actions[bot] in step-security/rust-cache#267

fix: Security updates by @github-actions[bot] in step-security/rust-cache#269

fix: Security updates by @github-actions[bot] in step-security/rust-cache#270

fix: Security updates by @github-actions[bot] in step-security/rust-cache#271

fix: Security updates by @github-actions[bot] in step-security/rust-cache#272

fix: Security updates by @github-actions[bot] in step-security/rust-cache#273

fix: Security updates by @github-actions[bot] in step-security/rust-cache#274

fix: upgrade packages to fix vulnerabilities by @Raj-StepSecurity in step-security/rust-cache#275

fix: Security updates by @github-actions[bot] in step-security/rust-cache#276

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/rust-cache#277

fix: Security updates by @github-actions[bot] in step-security/rust-cache#278

New Contributors

@stepsecurity-app[bot] made their first contribution in step-security/rust-cache#265

Full Changelog: step-security/rust-cache@v2...v2.8.4

Commits

851174d fix: test vulns fixed (#279)
f0d17cd Merge branch 'main' into fix/test-vulnerabilities-fixed
90bb4a5 chore: Cherry-picked changes from upstream (#281)
595123a Merge pull request #280 from step-security/auto-cherry-pick
b1072eb conflicted commits cherry-picked
374bbf5 fix: apply code build script
dd5ecff fix: apply code build script
7791ac0 Compare case-insenitively for full cache key match (#303)
49df1bd Consider all installed toolchains in cache key (#293)
84286e5 Consider all installed toolchains in cache key (#293)
Additional commits viewable in compare view

Updates step-security/docker-login-action from 3.7.0 to 4.1.0

Release notes

Sourced from step-security/docker-login-action's releases.

v4.1.0

What's Changed

fix: Resolve security vulnerabilities by @anurag-stepsecurity in step-security/docker-login-action#33

ci: remove guarddog by @Raj-StepSecurity in step-security/docker-login-action#34

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-login-action#32

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-login-action#35

fix: fixed subscription check code by @amanstep in step-security/docker-login-action#36

New Contributors

@anurag-stepsecurity made their first contribution in step-security/docker-login-action#33

@amanstep made their first contribution in step-security/docker-login-action#36

Full Changelog: step-security/docker-login-action@v3...v4.1.0

Commits

870af64 Merge pull request #36 from step-security/fix/subscription_code
31c9f9d fix: unused dependency removed
ad9fbe6 fix: dist updated
1bb40b7 Merge branch 'main' into fix/subscription_code
d0c3707 fix: fixed subscription check code
f047736 Merge pull request #35 from step-security/auto-cherry-pick
f3dad61 chore: cherry-picked conflicting changes
ae453c3 fix: apply code build script
750d643 fix: apply code build script
243626a fix scoped Docker Hub cleanup path when registry is omitted
Additional commits viewable in compare view

Updates docker/metadata-action from 6.0.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/metadata-action#613

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/metadata-action#658 docker/metadata-action#630

Bump csv-parse from 6.1.0 to 6.2.1 in docker/metadata-action#617

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/metadata-action#620

Bump flatted from 3.3.3 to 3.4.2 in docker/metadata-action#623

Bump glob from 10.3.15 to 10.5.0 in docker/metadata-action#621

Bump handlebars from 4.7.8 to 4.7.9 in docker/metadata-action#629

Bump lodash from 4.17.23 to 4.18.1 in docker/metadata-action#639

Bump moment-timezone from 0.6.0 to 0.6.1 in docker/metadata-action#619

Bump picomatch from 4.0.3 to 4.0.4 in docker/metadata-action#626

Bump postcss from 8.5.6 to 8.5.10 in docker/metadata-action#649

Bump tar from 6.2.1 to 7.5.15 in docker/metadata-action#657

Bump undici from 6.23.0 to 6.25.0 in docker/metadata-action#614

Bump vite from 7.3.1 to 7.3.2 in docker/metadata-action#637

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits

80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
8e0ddab chore: update generated content
a8db14b chore(deps): Bump @docker/actions-toolkit from 0.79.0 to 0.90.0
63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
c6916a6 chore: update generated content
aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
43dea76 chore: update generated content
7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
Additional commits viewable in compare view

Updates step-security/docker-build-push-action from 6.18.0 to 7.1.0

Release notes

Sourced from step-security/docker-build-push-action's releases.

v7.1.0

What's Changed

fix: Security updates by @github-actions[bot] in step-security/docker-build-push-action#27

fix: Security updates by @github-actions[bot] in step-security/docker-build-push-action#28

fix: upgraded packages to fix vulnerabilities by @Raj-StepSecurity in step-security/docker-build-push-action#29

build(deps): bump axios from 1.13.2 to 1.13.5 by @dependabot[bot] in step-security/docker-build-push-action#30

build(deps): bump tar from 7.5.7 to 7.5.9 by @dependabot[bot] in step-security/docker-build-push-action#32

fix: upgrade packages and fix vulnerabilities by @Raj-StepSecurity in step-security/docker-build-push-action#33

fix: fixed vulnerability by @amanstep in step-security/docker-build-push-action#35

ci: removed guarddog by @Raj-StepSecurity in step-security/docker-build-push-action#36

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#34

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#37

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#38

ci: yarn version updated by @Raj-StepSecurity in step-security/docker-build-push-action#39

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#40

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/docker-build-push-action#41

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/docker-build-push-action#42

New Contributors

@dependabot[bot] made their first contribution in step-security/docker-build-push-action#30

@amanstep made their first contribution in step-security/docker-build-push-action#35

Full Changelog: step-security/docker-build-push-action@v6...v7.1.0

Commits

846549b Merge pull request #42 from step-security/feat/update-subscription-check
f9b1572 banner added back
899b61e readme updated
2b5119e feat: added banner and update subscription check to make maintained actions f...
b2ce443 Merge pull request #41 from step-security/auto-cherry-pick
e1d2cd3 readme updated
a5e683b ci updated
f751cf9 ci updated
0bbe4cb conflicted commits cherry-picked
46acbdf fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Update the readme with direct upload details by @danwkennedy in actions/upload-artifact#795

Readme: bump all the example versions to v7 by @danwkennedy in actions/upload-artifact#796

Include changes in typespec/ts-http-runtime 0.3.5 by @yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
See full diff in compare view

Updates step-security/action-semantic-pull-request from 6.1.1 to 6.1.2

Release notes

Sourced from step-security/action-semantic-pull-request's releases.

v6.1.2

What's Changed

build(deps): bump js-yaml from 4.1.0 to 4.1.1 by @dependabot[bot] in step-security/action-semantic-pull-request#147

ci: update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#149

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#150

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#151

fix: build(deps): bump axios from 1.12.2 to 1.13.5 by @dependabot[bot] in step-security/action-semantic-pull-request#152

fix: upgrade packages and fix vulnerabilities by @Raj-StepSecurity in step-security/action-semantic-pull-request#153

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#154

ci: Update audit_package.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#155

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#156

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#157

fix: upgrade packages to fix vulnerabilities by @Raj-StepSecurity in step-security/action-semantic-pull-request#158

ci: made node version input to default at 24 by @amanstep in step-security/action-semantic-pull-request#133

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#159

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/action-semantic-pull-request#160

fix: Security updates by @github-actions[bot] in step-security/action-semantic-pull-request#161

ci: update actions_release.yml by @Raj-StepSecurity in step-security/action-semantic-pull-request#162

Full Changelog: step-security/action-semantic-pull-request@v6...v6.1.2

Commits

75d2dd5 Merge pull request #162 from step-security/Raj-StepSecurity-patch-11
dce66ee Update actions_release.yml
80eb62b Merge pull request #161 from step-security/yarn-audit-fix
ac0700f fix: apply audit fixes
92d4228 fix: apply audit fixes
91fa82f fix: apply audit fixes
fed9df2 Merge pull request #160 from step-security/feat/update-subscription-check
9d0ba60 code linted
21be1b8 feat: added banner and update subscription check to make maintained actions f...
57d5042 Merge pull request #159 from step-security/yarn-audit-fix
Additional commits viewable in compare view

Updates step-security/mise-action from 3.6.1 to 4.0.1

Release notes

Sourced from step-security/mise-action's releases.

v4.0.1

What's Changed

chore: Cherry-picked changes from upstream by @amanstep in step-security/mise-action#205

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#207

fix: Security updates by @github-actions[bot] in step-security/mise-action#208

Full Changelog: step-security/mise-action@v3...v4.0.1

v3.6.2

What's Changed

fix: Security updates by @github-actions[bot] in step-security/mise-action#196

fix: Security updates by @github-actions[bot] in step-security/mise-action#197

fix: Security updates by @github-actions[bot] in step-security/mise-action#198

fix: Security updates by @github-actions[bot] in step-security/mise-action#199

fix: upgraded deps to fix vulnerabilities by @Raj-StepSecurity in step-security/mise-action#200

fix: Security updates by @github-actions[bot] in step-security/mise-action#201

feat: added banner and update subscription check to make maintained actions free for public repos by @Raj-StepSecurity in step-security/mise-action#202

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#203

chore: Cherry-picked changes from upstream by @github-actions[bot] in step-security/mise-action#204

Full Changelog: step-security/mise-action@v3...v3.6.2

Commits

c7396e2 Merge pull request #208 from step-security/npm-audit-fix
b9722aa fix: apply audit fixes
6b3a113 fix: apply audit fixes
b8ed6bc fix: apply audit fixes
d25d72b fix: apply audit fixes
9e6e870 Merge pull request #207 from step-security/auto-cherry-pick
343774c chore: cherry-picked conflicting changes
3660f92 chore: cherry-picked conflicting changes
d1a0b66 fix: apply code build script
77dca75 fix: apply code build script
Additional commits viewable in compare view

Updates taiki-e/install-action from 2.73.0 to 2.79.7

Release notes

Sourced from taiki-e/install-action's releases.

2.79.7

Update typos@latest to 1.46.3.

Update rclone@latest to 1.74.2.

Update mise@latest to 2026.5.15.

Update tombi@latest to 0.11.7.

2.79.6

Update wasm-bindgen@latest to 0.2.122.

Update mise@latest to 2026.5.14.

Update cargo-deny@latestDescription has been truncated

…dates Bumps the github-actions group with 17 updates in the /.github/workflows directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.16.1` | `2.19.4` | | [step-security/action-gh-release](https://github.com/step-security/action-gh-release) | `2.6.1` | `3.0.0` | | [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action) | `0.0.9` | `0.0.10` | | [step-security/rust-cache](https://github.com/step-security/rust-cache) | `2.8.3` | `2.9.1` | | [step-security/docker-login-action](https://github.com/step-security/docker-login-action) | `3.7.0` | `4.1.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` | | [step-security/docker-build-push-action](https://github.com/step-security/docker-build-push-action) | `6.18.0` | `7.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` | | [step-security/action-semantic-pull-request](https://github.com/step-security/action-semantic-pull-request) | `6.1.1` | `6.1.2` | | [step-security/mise-action](https://github.com/step-security/mise-action) | `3.6.1` | `4.0.1` | | [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.73.0` | `2.79.7` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `6.0.1` | | [step-security/paths-filter](https://github.com/step-security/paths-filter) | `3.0.5` | `4.0.1` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.36.0` | | [actions/labeler](https://github.com/actions/labeler) | `6.0.1` | `6.1.0` | | [googleapis/release-please-action](https://github.com/googleapis/release-please-action) | `4.4.0` | `5.0.0` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.9.0` | `5.0.0` | Updates `step-security/harden-runner` from 2.16.1 to 2.19.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@fe10465...9af89fc) Updates `step-security/action-gh-release` from 2.6.1 to 3.0.0 - [Release notes](https://github.com/step-security/action-gh-release/releases) - [Commits](step-security/action-gh-release@dc29ef0...277bfa8) Updates `mozilla-actions/sccache-action` from 0.0.9 to 0.0.10 - [Release notes](https://github.com/mozilla-actions/sccache-action/releases) - [Commits](Mozilla-Actions/sccache-action@7d986dd...9e7fa8a) Updates `step-security/rust-cache` from 2.8.3 to 2.9.1 - [Release notes](https://github.com/step-security/rust-cache/releases) - [Commits](step-security/rust-cache@9be15b8...851174d) Updates `step-security/docker-login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/step-security/docker-login-action/releases) - [Commits](step-security/docker-login-action@6aa05fe...870af64) Updates `docker/metadata-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...80c7e94) Updates `step-security/docker-build-push-action` from 6.18.0 to 7.1.0 - [Release notes](https://github.com/step-security/docker-build-push-action/releases) - [Commits](step-security/docker-build-push-action@a8c3d08...846549b) Updates `actions/upload-artifact` from 7.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@bbbca2d...043fb46) Updates `step-security/action-semantic-pull-request` from 6.1.1 to 6.1.2 - [Release notes](https://github.com/step-security/action-semantic-pull-request/releases) - [Commits](step-security/action-semantic-pull-request@bc0cf74...75d2dd5) Updates `step-security/mise-action` from 3.6.1 to 4.0.1 - [Release notes](https://github.com/step-security/mise-action/releases) - [Commits](step-security/mise-action@88aa01c...c7396e2) Updates `taiki-e/install-action` from 2.73.0 to 2.79.7 - [Release notes](https://github.com/taiki-e/install-action/releases) - [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md) - [Commits](taiki-e/install-action@7a562df...d9be7d8) Updates `codecov/codecov-action` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@57e3a13...e79a696) Updates `step-security/paths-filter` from 3.0.5 to 4.0.1 - [Release notes](https://github.com/step-security/paths-filter/releases) - [Commits](step-security/paths-filter@6eee183...5c5241b) Updates `github/codeql-action` from 4.35.1 to 4.36.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c10b806...7211b7c) Updates `actions/labeler` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@634933e...f27b608) Updates `googleapis/release-please-action` from 4.4.0 to 5.0.0 - [Release notes](https://github.com/googleapis/release-please-action/releases) - [Changelog](https://github.com/googleapis/release-please-action/blob/main/CHANGELOG.md) - [Commits](googleapis/release-please-action@16a9c90...45996ed) Updates `actions/dependency-review-action` from 4.9.0 to 5.0.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@2031cfc...a1d282b) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.19.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: mozilla-actions/sccache-action dependency-version: 0.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/rust-cache dependency-version: 2.9.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/docker-login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: step-security/docker-build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/action-semantic-pull-request dependency-version: 6.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/mise-action dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: taiki-e/install-action dependency-version: 2.79.7 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: step-security/paths-filter dependency-version: 4.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: github/codeql-action dependency-version: 4.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/labeler dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: googleapis/release-please-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added area/ci CI/CD area/deps Dependencies labels May 25, 2026

github-actions Bot added area/config Configuration and removed area/deps Dependencies labels May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(deps): bump the github-actions group across 1 directory with 17 updates#85

ci(deps): bump the github-actions group across 1 directory with 17 updates#85
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/workflows/github-actions-f1963ce446

dependabot Bot commented on behalf of github May 25, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 25, 2026

v2.19.4

What's Changed

v2.19.3

What's Changed

v2.19.2

What's Changed

v2.19.1

What's Changed

New Contributors

v2.19.0

What's Changed

New Runner Support

Automated Incident Response for Supply Chain Attacks

Bug Fixes

v3.0.0

What's Changed

New Contributors

v0.0.10

What's Changed

New Contributors

v2.9.1

What's Changed

v2.8.4

What's Changed

New Contributors

v4.1.0

What's Changed

New Contributors

v6.1.0

v7.1.0

What's Changed

New Contributors

v7.0.1

What's Changed

v6.1.2

What's Changed

v4.0.1

What's Changed

v3.6.2

What's Changed

2.79.7

2.79.6

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants