Bump the actions group across 1 directory with 8 updates

[dependabot]

Bumps the actions group with 8 updates in the / directory:

Package	From	To
actions/create-github-app-token	3.0.0	3.1.1
actions/cache	5.0.4	5.0.5
chromaui/action	16.0.0	16.2.0
aws-actions/configure-aws-credentials	6.0.0	6.1.0
aws-actions/amazon-ecr-login	2.1.0	2.1.2
docker/build-push-action	7.0.0	7.1.0
flatherskevin/semver-action	1.1.3	1.1.4
softprops/action-gh-release	2.6.1	3.0.0

Updates actions/create-github-app-token from 3.0.0 to 3.1.1

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

• improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#353) (e6bd4e6)
• update permission inputs (#358) (076e948)

Commits

• 1b10c78 build(release): 3.1.1 [skip ci]
• 07e2b76 fix: improve error message when app identifier is empty (#362)
• ea01216 ci: remove publish-immutable-action workflow (#361)
• 7bd0371 build(release): 3.1.0 [skip ci]
• e6bd4e6 feat: add client-id input and deprecate app-id (#353)
• 076e948 feat: update permission inputs (#358)
• 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
• 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
• 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
• 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
• See full diff in compare view

Updates actions/cache from 5.0.4 to 5.0.5

Release notes

Sourced from actions/cache's releases.

v5.0.5

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in actions/cache#1747

Full Changelog: actions/cache@v5...v5.0.5

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

Commits

• 27d5ce7 Merge pull request #1747 from actions/yacaovsnc/update-dependency
• f280785 licensed changes
• 619aeb1 npm run build generated dist files
• bcf16c2 Update ts-http-runtime to 0.3.5
• See full diff in compare view

Updates chromaui/action from 16.0.0 to 16.2.0

Changelog

Sourced from chromaui/action's changelog.

v16.2.0 (Thu Apr 09 2026)

🚀 Enhancement

• Improve merge queue support #1256 (@​codykaup)

🐛 Bug Fix

• test: improve chromatic-e2e related tests #1273 (@​AriPerkkio)
• test: update Vitest to v4 #1266 (@​AriPerkkio)
• Throw error on React Native projects using TurboSnap #1267 (@​codykaup)

Authors: 2

• Ari Perkkiö (@​AriPerkkio)
• Cody Kaup (@​codykaup)

---

v16.1.0 (Thu Apr 02 2026)

🚀 Enhancement

• Best effort alternative to tree-kill that swallows errors #1261 (@​jmhobbs @​justin-thurman)

🐛 Bug Fix

• Merge pull request #1265 from chromaui/CAP-4242-unit-tests #1265 (@​justin-thurman)
• Create workflow for action-canary release #1255 (@​jmhobbs)
• Upgrade eslint version #1253 (@​jmhobbs)

Authors: 2

• John Hobbs (@​jmhobbs)
• Justin Thurman (@​justin-thurman)

---

Commits

• 688adae v16.2.0
• 8a2b825 v16.1.0
• See full diff in compare view

Updates aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.1.0

6.1.0 (2026-04-06)

Features

• add skip cleanup option (#1716) (11b1c58), closes #1545
• Support usage of AWS Profiles (#1696) (a7f0c82)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

6.1.0 (2026-04-06)

Features

• add skip cleanup option (#1716) (11b1c58), closes #1545
• Support usage of AWS Profiles (#1696) (a7f0c82)

Commits

• ec61189 chore(main): release 6.1.0 (#1717)
• 81676eb chore(deps): bump vite from 7.1.11 to 7.3.2 (#1721)
• dc64d28 chore(deps-dev): bump lodash from 4.17.23 to 4.18.1 (#1720)
• bc0a50a chore: Update dist
• 9ea6412 chore(deps): bump proxy-agent from 6.5.0 to 7.0.0 (#1686)
• 0a87594 chore: Update dist
• a7f0c82 feat: Support usage of AWS Profiles (#1696)
• e6bb6e5 chore: add text to CONTRIBUTING.md (#1719)
• 11b1c58 feat: add skip cleanup option (#1716)
• 51635db chore: Update dist
• Additional commits viewable in compare view

Updates aws-actions/amazon-ecr-login from 2.1.0 to 2.1.2

Release notes

Sourced from aws-actions/amazon-ecr-login's releases.

v2.1.2

See the changelog for details about the changes included in this release.

v2.1.1

See the changelog for details about the changes included in this release.

Changelog

Sourced from aws-actions/amazon-ecr-login's changelog.

2.1.2 (2026-04-01)

2.1.1 (2026-03-24)

Bug Fixes

• prefer explicit env var credentials over Pod Identity (#953) (ecbbdc7)

Commits

• f2e9fc6 chore(release): 2.1.2
• b5362e1 chore(deps-dev): bump eslint from 10.0.3 to 10.1.0 (#964)
• 2096e5c chore: Update dist (#984)
• ae31c19 chore(deps): bump @​aws-sdk/client-ecr from 3.1018.0 to 3.1021.0 (#977)
• f63ff6a chore(deps): bump @​aws-sdk/credential-providers (#978)
• 5b22aa2 chore: Update dist (#980)
• 887bd54 chore(deps): bump @​aws-sdk/client-ecr-public from 3.1016.0 to 3.1021.0 (#976)
• a080f59 chore: Update dist (#974)
• 220b1c6 chore(deps): bump @​aws-sdk/client-ecr from 3.1011.0 to 3.1016.0 (#966)
• 9e34c94 chore(deps): bump @​aws-sdk/credential-providers (#965)
• Additional commits viewable in compare view

Updates docker/build-push-action from 7.0.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

• Git context query format support by @​crazy-max in docker/build-push-action#1505
• Bump @​docker/actions-toolkit from 0.79.0 to 0.87.0 by @​crazy-max in docker/build-push-action#1505
• Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500
• Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489
• Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491
• Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490
• Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497
• Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510
• Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496
• Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486
• Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits

• bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
• 18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
• 46580d2 chore: update generated content
• 3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
• efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
• ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
• db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
• ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
• 2d8f2a1 chore: update generated content
• 919ac7b fix test since secrets are not written to temp path anymore
• Additional commits viewable in compare view

Updates flatherskevin/semver-action from 1.1.3 to 1.1.4

Commits

• 34b3c53 Bump actions/checkout from 4 to 6 (#303)
• See full diff in compare view

Updates softprops/action-gh-release from 2.6.1 to 3.0.0

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

Full Changelog: softprops/action-gh-release@v2...v2.6.2

Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

Commits

• b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
• c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
• 3bb1273 release 2.6.2
• c34030f chore: bump node to 24.14.1
• 8975bd0 chore(deps): bump vite from 8.0.0 to 8.0.5 (#781)
• f71937f chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (#777)
• 3f0d239 chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#775)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud