chore(deps): bump the github-actions group with 5 updates by dependabot[bot] · Pull Request #494 · robfrank/linklift (original) (raw)
Bumps the github-actions group with 5 updates:
| Package | From | To |
|---|---|---|
| anchore/scan-action | 7.2.1 | 7.2.2 |
| github/codeql-action | 4.31.7 | 4.31.8 |
| ruby/setup-ruby | 1.269.0 | 1.270.0 |
| updatecli/updatecli-action | 2.97.0 | 2.98.0 |
| robfrank/kamal-accessories-updater | 25.11.2 | 25.12.1 |
Updates anchore/scan-action from 7.2.1 to 7.2.2
Release notes
Sourced from anchore/scan-action's releases.
v7.2.2
New in scan-action v7.2.2
- update Grype to v0.104.2 (#557) [[anchore-actions-token-generator[bot]](https://github.com/anchore-actions-token-generator[bot])]
- bump glob from 10.4.5 to 10.5.0 (#546) [[dependabot[bot]](https://github.com/dependabot[bot])]
Commits
- 3c9a191 chore(deps): update Grype to v0.104.2 (#557)
- 0a9fbe8 chore(deps-dev): bump lint-staged from 16.2.6 to 16.2.7 (#547)
- 5ac7f2a chore(deps-dev): bump prettier from 3.6.2 to 3.7.4 (#555)
- 563e915 chore(deps): bump peter-evans/create-pull-request from 7.0.8 to 7.0.11 (#556)
- 49c6d26 chore(deps): bump actions/checkout from 5.0.0 to 6.0.1 (#554)
- 77906c3 chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 (#553)
- ed82e81 chore(deps): bump glob from 10.4.5 to 10.5.0 (#546)
- See full diff in compare view
Updates github/codeql-action from 4.31.7 to 4.31.8
Release notes
Sourced from github/codeql-action's releases.
v4.31.8
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.8 - 11 Dec 2025
- Update default CodeQL bundle version to 2.23.8. #3354
See the full CHANGELOG.md for more information.
Changelog
Sourced from github/codeql-action's changelog.
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
No user facing changes.
4.31.8 - 11 Dec 2025
- Update default CodeQL bundle version to 2.23.8. #3354
4.31.7 - 05 Dec 2025
- Update default CodeQL bundle version to 2.23.7. #3343
4.31.6 - 01 Dec 2025
No user facing changes.
4.31.5 - 24 Nov 2025
- Update default CodeQL bundle version to 2.23.6. #3321
4.31.4 - 18 Nov 2025
No user facing changes.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see Upcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5. #3288
4.31.2 - 30 Oct 2025
No user facing changes.
4.31.1 - 30 Oct 2025
- The
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.4.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6. #3223
- When SARIF files are uploaded by the
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #32224.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. #3205
- Experimental: A new
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204
... (truncated)
Commits
- 1b168cd Merge pull request #3355 from github/update-v4.31.8-1b0b941e1
- 120f277 Update changelog for v4.31.8
- 1b0b941 Merge pull request #3354 from github/update-bundle/codeql-bundle-v2.23.8
- db812c1 Add changelog note
- 2930dba Update default bundle to codeql-bundle-v2.23.8
- c43362b Merge pull request #3340 from github/kaspersv/check-for-overlayBaseSpecifier
- 002a7f2 Overlay: log overlayBaseSpecifier at debug log-level
- 5b7e7fc Update src/codeql.ts
- 149d184 Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a
- 97c2630 Rebuild
- Additional commits viewable in compare view
Updates ruby/setup-ruby from 1.269.0 to 1.270.0
Release notes
Sourced from ruby/setup-ruby's releases.
v1.270.0
What's Changed
- Bump actions/checkout from 5 to 6 by @dependabot[bot] in ruby/setup-ruby#830
- When setting JAVAHOMEalsoaddJAVA_HOME also add JAVAHOMEalsoaddJAVA_HOME/bin to PATH by @eregon in ruby/setup-ruby#836
Full Changelog: ruby/setup-ruby@v1.269.0...v1.270.0
Commits
- ac793fd When setting JAVAHOMEalsoaddJAVA_HOME also add JAVAHOMEalsoaddJAVA_HOME/bin to PATH
- 5f8a775 macos-13 is gone
- 30a6546 Bump actions/checkout from 5 to 6
- See full diff in compare view
Updates updatecli/updatecli-action from 2.97.0 to 2.98.0
Release notes
Sourced from updatecli/updatecli-action's releases.
v2.98.0 🌈
Changes
- Bump "
@types/node" package version @updateclibot[bot] (#991)- deps: update updatecli version to v0.112.0 @updateclibot[bot] (#990)
- Bump "
@types/node" package version @updateclibot[bot] (#989)Contributors
@updateclibot[bot] and updateclibot[bot]
Commits
- b846825 Bump "
@types/node" package version (#991) - fc534a8 deps: update updatecli version to v0.112.0 (#990)
- 0d62933 Bump "
@types/node" package version (#989) - See full diff in compare view
Updates robfrank/kamal-accessories-updater from 25.11.2 to 25.12.1
Release notes
Sourced from robfrank/kamal-accessories-updater's releases.
Release v25.12.1
What's Changed
- Merge pull request #7 from robfrank/dependabot/github_actions/github-actions-0b8390718f (231507f)
- Merge pull request #8 from robfrank/dependabot/github_actions/actions/checkout-6.0.0 (7cad6b2)
- Bump actions/checkout from 5.0.0 to 6.0.0 (7f31bd5)
- Bump peter-evans/create-pull-request in the github-actions group (a8d7de4)
- Merge pull request #6 from emadb/patch-1 (18beb5d)
- update Readme to match the latest version (aab2b06)
Usage
To use this version in your workflows:
- name: Update Kamal accessories uses: robfrank/kamal-accessories-updater@v25.12.1 with: config-dir: config mode: update-all
Full Changelog: robfrank/kamal-accessories-updater@...v25.12.1
Commits
- 231507f Merge pull request #7 from robfrank/dependabot/github_actions/github-actions-...
- 7cad6b2 Merge pull request #8 from robfrank/dependabot/github_actions/actions/checkou...
- 7f31bd5 Bump actions/checkout from 5.0.0 to 6.0.0
- a8d7de4 Bump peter-evans/create-pull-request in the github-actions group
- 18beb5d Merge pull request #6 from emadb/patch-1
- aab2b06 update Readme to match the latest version
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions