Skip to content

build(deps): bump the github-actions group across 1 directory with 6 updates#663

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-159f43e756
Open

build(deps): bump the github-actions group across 1 directory with 6 updates#663
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/github-actions-159f43e756

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026
edited
Loading

Bumps the github-actions group with 6 updates in the / directory:

Package From To
chainguard-dev/actions 1.6.5 1.6.11
codecov/codecov-action 5.5.2 6.0.0
nick-fields/retry 3 4
juliangruber/approve-pull-request-action 2.0.6 2.1.0
slackapi/slack-github-action 2.1.1 3.0.1
nowsprinting/check-version-format-action 4 5

Updates chainguard-dev/actions from 1.6.5 to 1.6.11

Release notes

Sourced from chainguard-dev/actions's releases.

v1.6.11

What's Changed

New Contributors

Full Changelog: chainguard-dev/actions@v1.6.10...v1.6.11

v1.6.10

What's Changed

Full Changelog: chainguard-dev/actions@v1.6.9...v1.6.10

v1.6.9

What's Changed

... (truncated)

Commits
  • 8bb24c2 validate checksums of the installs (#823)
  • ec9ada7 build(deps): bump sigstore/cosign-installer in /setup-argo-workflows (#825)
  • 61918c9 add more endpoints for Go Workflows (#824)
  • 0b50b93 feat(harden-runner): move to inline block policies (#822)
  • 9f56ab6 fix(security): FIND-005 pin apko-build Docker image to digest (#819)
  • 5c361aa build(deps): bump chainguard-dev/setup-chainctl in /setup-chainctl (#820)
  • cecb667 build(deps): bump chainguard-dev/setup-chainctl (#821)
  • c455bf8 build(deps): bump chainguard-dev/actions from 1.6.9 to 1.6.10 (#813)
  • 2c8be80 build(deps): bump chainguard-dev/actions from 1.6.9 to 1.6.10 in /gofmt (#814)
  • 6b3b09d build(deps): bump chainguard-dev/actions in /goimports (#815)
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Commits

Updates nick-fields/retry from 3 to 4

Release notes

Sourced from nick-fields/retry's releases.

v4.0.0

4.0.0 (2026-03-20)

v3.0.2

3.0.2 (2025-02-25)

Fixed an issue with the automated release that prevented #146 from being properly released

What's Changed

Full Changelog: nick-fields/retry@v...v3.0.2

v3.0.1

What's Changed

New Contributors

Full Changelog: nick-fields/retry@v...v3.0.1

Commits
  • ad98453 Merge pull request #165 from nick-fields/nrf/node24
  • 16b9199 major: upgrade to node24
  • 9417ab4 Merge pull request #148 from xavier2k6/nf_retry_p1
  • 07cd61d Merge branch 'master' into nf_retry_p1
  • d6b241c Merge branch 'master' into nf_retry_p1
  • 8d92921 Bump ci_cd workflow actions
  • See full diff in compare view

Updates juliangruber/approve-pull-request-action from 2.0.6 to 2.1.0

Release notes

Sourced from juliangruber/approve-pull-request-action's releases.

v2.1.0

  • Update node version (#83) ef2657f
  • ci: add workflow_dispatch c97e272
  • Bump braces from 3.0.2 to 3.0.3 (#74) f88e49d
  • Bump undici from 5.28.3 to 5.28.4 (#73) 1fe354e

juliangruber/approve-pull-request-action@v2.0.6...v2.1.0

Commits

Updates slackapi/slack-github-action from 2.1.1 to 3.0.1

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.1

What's Changed

Alongside the breaking changes of @v3.0.0 and a new technique to run Slack CLI commands, we tried the wrong name to publish to the GitHub Marketplace 🐙 This action is now noted as The Slack GitHub Action in listings 🎶 ✨

🎨 Maintenance

Full Changelog: slackapi/slack-github-action@v3.0.0...v3.0.1

Slack GitHub Action v3.0.0

The @v3.0.0 release had a hiccup on publish and we recommend using @​v3.0.1 or a more recent version when updating! Oops!

🎽 Running Slack CLI commands and the active Node runtime, both included in this release 👟 ✨

⚠️ Breaking change: Node.js 24 the runtime

This major version updates the GitHub Actions required runtime to Node.js 24. Most GitHub-hosted runners already include this, but self-hosted runners may need to be updated ahead of planned deprecations of Node 20 on GitHub Actions runners.

📺 Enhancement: Run Slack CLI commands

This release introduces a new technique for running Slack CLI commands directly in GitHub Actions workflows. Use this to install the latest version (or a specific one) of the CLI and execute commands like deploy for merges to main, manifest validate with tests, and other commands.

Gather a token using the following CLI command to store with repo secrets, then get started with an example below:

$ slack auth token

🧪 Validate an app manifest on pull requests

Check that your app manifest is valid before merging changes:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/validate-a-manifest

- name: Validate the manifest
  uses: slackapi/slack-github-action/cli@v3.0.0
  with:
    command: "manifest validate --app ${{ vars.SLACK_APP_ID }}"
    token: ${{ secrets.SLACK_SERVICE_TOKEN }}

🚀 Deploy your app on push to main

Automate deployments whenever changes land on your main branch:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/deploy-an-app

... (truncated)

Commits
  • af78098 Release
  • add1a00 chore(release): tag version 3.0.1 (#577)
  • 2bc9e7a chore: use a unique title for marketplace (#576)
  • c5d43da chore(release): tag version 3.0.0 (#575)
  • 963b979 build(deps): bump @​slack/web-api from 7.14.1 to 7.15.0 (#574)
  • 90b7328 build(deps): bump @​slack/logger from 4.0.0 to 4.0.1 (#573)
  • e45cb89 feat: support slack cli commands with composite action inputs (#560)
  • 0aed2c2 build(deps): bump https-proxy-agent from 7.0.6 to 8.0.0 (#572)
  • 4795f96 build(deps-dev): bump sinon from 21.0.1 to 21.0.2 (#571)
  • bd9e2ce build(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#569)
  • Additional commits viewable in compare view

Updates nowsprinting/check-version-format-action from 4 to 5

Release notes

Sourced from nowsprinting/check-version-format-action's releases.

v5.0.0

What’s Changed

💔 Breaking Changes

🧰 Maintenance

v4.0.8

What’s Changed

🧰 Maintenance

v4.0.7

What’s Changed

🧰 Maintenance

v4.0.6

What’s Changed

🧰 Maintenance

v4.0.5

What’s Changed

🧰 Maintenance

v4.0.4

What’s Changed

🧰 Maintenance

... (truncated)

Commits
  • 976544c Merge pull request #359 from nowsprinting/release/5.0.1
  • df1fabe Bump version to v5.0.1
  • a66f144 Merge pull request #358 from nowsprinting/dependabot/npm_and_yarn/handlebars-...
  • 5aa7c44 Bump handlebars from 4.7.8 to 4.7.9
  • ad10818 Merge pull request #357 from nowsprinting/release/5.0.0
  • cf52a9a Bump version to v5.0.0
  • b228eb6 Merge pull request #356 from nowsprinting/chore/actions_github_9
  • 0d38a47 Remove unused files and dependencies flagged in Copilot review
  • 5a701d3 Fix npm audit vulnerabilities and build/test failures caused by @​actions/gith...
  • 016eaf9 Upgrade dependent actions/github to v9.0.0
  • Additional commits viewable in compare view

@dependabot dependabot bot added the area/dependencies Affects dependencies label Apr 1, 2026
@dependabot
build(deps): bump the github-actions group with 6 updates
983a31d 
Bumps the github-actions group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [chainguard-dev/actions](https://github.com/chainguard-dev/actions) | `1.6.5` | `1.6.11` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` |
| [nick-fields/retry](https://github.com/nick-fields/retry) | `3` | `4` |
| [juliangruber/approve-pull-request-action](https://github.com/juliangruber/approve-pull-request-action) | `2.0.6` | `2.1.0` |
| [slackapi/slack-github-action](https://github.com/slackapi/slack-github-action) | `2.1.1` | `3.0.1` |
| [nowsprinting/check-version-format-action](https://github.com/nowsprinting/check-version-format-action) | `4` | `5` |


Updates `chainguard-dev/actions` from 1.6.5 to 1.6.11
- [Release notes](https://github.com/chainguard-dev/actions/releases)
- [Commits](chainguard-dev/actions@71714a7...8bb24c2)

Updates `codecov/codecov-action` from 5.5.2 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v5.5.2...v6.0.0)

Updates `nick-fields/retry` from 3 to 4
- [Release notes](https://github.com/nick-fields/retry/releases)
- [Commits](nick-fields/retry@v3...v4)

Updates `juliangruber/approve-pull-request-action` from 2.0.6 to 2.1.0
- [Release notes](https://github.com/juliangruber/approve-pull-request-action/releases)
- [Commits](juliangruber/approve-pull-request-action@b71c44f...68fcc9a)

Updates `slackapi/slack-github-action` from 2.1.1 to 3.0.1
- [Release notes](https://github.com/slackapi/slack-github-action/releases)
- [Commits](slackapi/slack-github-action@91efab1...af78098)

Updates `nowsprinting/check-version-format-action` from 4 to 5
- [Release notes](https://github.com/nowsprinting/check-version-format-action/releases)
- [Commits](nowsprinting/check-version-format-action@v4...v5)

---
updated-dependencies:
- dependency-name: chainguard-dev/actions
  dependency-version: 1.6.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: nick-fields/retry
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: juliangruber/approve-pull-request-action
  dependency-version: 2.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: slackapi/slack-github-action
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: nowsprinting/check-version-format-action
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot changed the title build(deps): bump the github-actions group with 6 updates build(deps): bump the github-actions group across 1 directory with 6 updates Apr 1, 2026
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-159f43e756 branch from ee616a4 to 983a31d Compare April 1, 2026 22:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

area/dependencies Affects dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants