Bump the github-actions group across 1 directory with 8 updates #96

dependabot · 2025-02-01T04:32:30Z

Bumps the github-actions group with 8 updates in the / directory:

Package	From	To
step-security/harden-runner	`2.10.1`	`2.10.4`
actions/checkout	`4.1.1`	`4.2.2`
actions/dependency-review-action	`4.4.0`	`4.5.0`
tj-actions/changed-files	`45.0.3`	`45.0.6`
aminya/setup-cpp	`0.44.0`	`0.46.0`
actions/setup-python	`5.3.0`	`5.4.0`
ossf/scorecard-action	`2.3.1`	`2.4.0`
actions/upload-artifact	`97a0fba1372883ab732affbe8f94b823f91727db`	`c24449f33cd45d4826c6702db7e49f7cdb9b551d`

Updates step-security/harden-runner from 2.10.1 to 2.10.4

Release notes

Sourced from step-security/harden-runner's releases.

v2.10.4

What's Changed

Fixed a potential Harden-Runner post step failure that could occur when printing agent service logs. The fix gracefully handles failures without failing the post step.

Full Changelog: step-security/harden-runner@v2...v2.10.4

v2.10.3

What's Changed

Fixed an issue where DNS requests using uppercase characters (e.g., EXAMPLE.com) were blocked even when the domain was present in the allowed list. This update standardizes domain names to lowercase for consistent comparison.

Full Changelog: step-security/harden-runner@v2...v2.10.3

v2.10.2

What's Changed

Fixes low-severity command injection weaknesses The advisory is here: GHSA-g85v-wf27-67xc

Bug fix to improve detection of whether Harden-Runner is running in a container

Full Changelog: step-security/harden-runner@v2...v2.10.2

Commits

cb605e5 Merge pull request #496 from step-security/fix-enobufs
61144dd Update log statement
b8be370 Add try catch block
6f6fa07 Fix ENOBUFS issue
18f6947 Merge pull request #495 from AkhigbeEromo/Update-README
81f844e Edit docs
4c766de Merge branch 'Update-README' of https://github.com/AkhigbeEromo/harden-runner...
c9c5f32 Handle Ashish reviews
2877824 Merge branch 'main' into Update-README
be87de0 Clean up
Additional commits viewable in compare view

Updates actions/checkout from 4.1.1 to 4.2.2

Release notes

Sourced from actions/checkout's releases.

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

v4.2.0

What's Changed

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependabot updates in actions/checkout#1777 & actions/checkout#1872

New Contributors

@yasonk made their first contribution in actions/checkout#1869

@lucacome made their first contribution in actions/checkout#1180

Full Changelog: actions/checkout@v4.1.7...v4.2.0

v4.1.7

What's Changed

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

New Contributors

@orhantoy made their first contribution in actions/checkout#1774

Full Changelog: actions/checkout@v4.1.6...v4.1.7

v4.1.6

What's Changed

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

Update for 4.1.6 release by @cory-miller in actions/checkout#1733

Full Changelog: actions/checkout@v4.1.5...v4.1.6

v4.1.5

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

Check git version before attempting to disable sparse-checkout by @jww3 in actions/checkout#1656

Add SSH user parameter by @cory-miller in actions/checkout#1685

Update actions/checkout version in update-main-version.yml by @jww3 in actions/checkout#1650

v4.1.2

Fix: Disable sparse checkout whenever sparse-checkout option is not present @dscho in actions/checkout#1598

v4.1.1

Correct link to GitHub Docs by @peterbe in actions/checkout#1511

Link to release page from what's new section by @cory-miller in actions/checkout#1514

v4.1.0

Add support for partial checkout filters

... (truncated)

Commits

11bd719 Prepare 4.2.2 Release (#1953)
e3d2460 Expand unit test coverage (#1946)
163217d url-helper.ts now leverages well-known environment variables. (#1941)
eef6144 Prepare 4.2.1 release (#1925)
6b42224 Add workflow file for publishing releases to immutable action package (#1919)
de5a000 Check out other refs/* by commit if provided, fall back to ref (#1924)
d632683 Prepare 4.2.0 release (#1878)
6d193bf Bump braces from 3.0.2 to 3.0.3 (#1777)
db0cee9 Bump the minor-npm-dependencies group across 1 directory with 4 updates (#1872)
b684943 Add Ref and Commit outputs (#1180)
Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.4.0 to 4.5.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.5.0

What's Changed

Bump got from 14.4.2 to 14.4.3 by @dependabot in actions/dependency-review-action#844

Bump nodemon from 3.1.0 to 3.1.7 by @dependabot in actions/dependency-review-action#847

Bump @vercel/ncc from 0.38.1 to 0.38.3 by @dependabot in actions/dependency-review-action#849

Overriding the cross-spawn dependency to use a safe version by @Ahmed3lmallah in actions/dependency-review-action#850

fix: add summary comment on failure when warn-only: true by @ebickle in actions/dependency-review-action#827

Prepare for 4.5.0 release by @Ahmed3lmallah in actions/dependency-review-action#851

New Contributors

@ebickle made their first contribution in actions/dependency-review-action#827

Full Changelog: actions/dependency-review-action@v4...v4.5.0

Commits

3b139cf Merge pull request #851 from actions/ahmed3lmallah/prepare-for-4.5.0-release
d6807b6 updating generated code
c89b41f addressing lint issues
eee97d8 incrementing project version
9d10182 Merge pull request #827 from ebickle/fix/comment-warn-only
9192be9 Merge pull request #850 from actions/ahmed3lmallah/adressing-CVE-2024-21538
2fc8e23 Using cross-spawn safe version
fb86db2 fix: resolve race conditions in async core.group calls
0a198ab fix: replace integer failureCount with boolean
fc499fc Merge branch 'main' into fix/comment-warn-only
Additional commits viewable in compare view

Updates tj-actions/changed-files from 45.0.3 to 45.0.6

Release notes

Sourced from tj-actions/changed-files's releases.

v45.0.6

What's Changed

Upgraded to v45.0.5 by @tj-actions-bot in tj-actions/changed-files#2374

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2375

chore(deps): update dependency @types/node to v22.10.2 by @renovate in tj-actions/changed-files#2376

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2377

chore(deps): update dependency eslint-plugin-jest to v28.10.0 by @renovate in tj-actions/changed-files#2378

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2379

chore(deps): update peter-evans/create-pull-request action to v7.0.6 by @renovate in tj-actions/changed-files#2380

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2382

fix(deps): update dependency yaml to v2.7.0 by @renovate in tj-actions/changed-files#2383

chore(deps): update dependency @types/node to v22.10.3 by @renovate in tj-actions/changed-files#2385

chore(deps): update dependency @types/node to v22.10.4 by @renovate in tj-actions/changed-files#2386

chore(deps): update dependency @types/node to v22.10.5 by @renovate in tj-actions/changed-files#2387

chore(deps): update dependency @types/lodash to v4.17.14 by @renovate in tj-actions/changed-files#2388

Full Changelog: tj-actions/changed-files@v45...v45.0.6

v45.0.5

What's Changed

Upgraded to v45.0.4 by @tj-actions-bot in tj-actions/changed-files#2344

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2345

chore(deps): update dependency @vercel/ncc to v0.38.3 by @renovate in tj-actions/changed-files#2348

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2349

chore(deps): update dependency @types/node to v22.9.1 by @renovate in tj-actions/changed-files#2352

chore(deps): bump yaml from 2.6.0 to 2.6.1 by @dependabot in tj-actions/changed-files#2353

chore(deps-dev): bump eslint-plugin-github from 5.0.2 to 5.1.1 by @dependabot in tj-actions/changed-files#2356

chore(deps): update dependency typescript to v5.7.2 by @renovate in tj-actions/changed-files#2357

chore(deps): update dependency @types/node to v22.9.2 by @renovate in tj-actions/changed-files#2358

chore(deps): update dependency @types/node to v22.9.3 by @renovate in tj-actions/changed-files#2359

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2360

chore(deps): update dependency @types/node to v22.9.4 by @renovate in tj-actions/changed-files#2361

chore(deps): update dependency @types/node to v22.10.0 by @renovate in tj-actions/changed-files#2364

chore(deps): update dependency prettier to v3.4.0 by @renovate in tj-actions/changed-files#2365

chore(deps): update dependency prettier to v3.4.1 by @renovate in tj-actions/changed-files#2366

chore(deps): update dependency eslint-plugin-github to v5.1.3 by @renovate in tj-actions/changed-files#2367

chore(deps): update dependency @types/node to v22.10.1 by @renovate in tj-actions/changed-files#2368

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2369

chore(deps): update dependency prettier to v3.4.2 by @renovate in tj-actions/changed-files#2370

chore(deps): update dependency eslint-plugin-github to v5.1.4 by @renovate in tj-actions/changed-files#2372

Full Changelog: tj-actions/changed-files@v45...v45.0.5

v45.0.4

What's Changed

Upgraded to v45.0.3 by @tj-actions-bot in tj-actions/changed-files#2308

fix(deps): update dependency @actions/core to v1.11.1 by @renovate in tj-actions/changed-files#2309

chore(deps): lock file maintenance by @renovate in tj-actions/changed-files#2310

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

45.0.6 - (2025-01-03)

🐛 Bug Fixes

deps: Update dependency yaml to v2.7.0 (#2383) (5f974c2) - (renovate[bot])

⚙️ Miscellaneous Tasks

deps: Update dependency @types/lodash to v4.17.14 (#2388) (d6e91a2) - (renovate[bot])

deps: Update dependency @types/node to v22.10.5 (#2387) (73401cd) - (renovate[bot])

deps: Update dependency @types/node to v22.10.4 (#2386) (7f28b2b) - (renovate[bot])

deps: Update dependency @types/node to v22.10.3 (#2385) (c1f82ce) - (renovate[bot])

deps: Lock file maintenance (#2382) (bb364ec) - (renovate[bot])

deps: Update peter-evans/create-pull-request action to v7.0.6 (#2380) (7ac5902) - (renovate[bot])

deps: Lock file maintenance (#2379) (7c5097f) - (renovate[bot])

deps: Update dependency eslint-plugin-jest to v28.10.0 (#2378) (37dc9a5) - (renovate[bot])

deps: Lock file maintenance (#2377) (515a6b3) - (renovate[bot])

deps: Update dependency @types/node to v22.10.2 (#2376) (ac47125) - (renovate[bot])

deps: Lock file maintenance (#2375) (ef3b6f1) - (renovate[bot])

⬆️ Upgrades

Upgraded to v45.0.5 (#2374)

Co-authored-by: jackton1 [email protected] (8082fbc) - (tj-actions[bot])

45.0.5 - (2024-12-05)

⚙️ Miscellaneous Tasks

deps: Update dependency eslint-plugin-github to v5.1.4 (#2372) (bab30c2) - (renovate[bot])

deps: Update dependency prettier to v3.4.2 (#2370) (657a3f9) - (renovate[bot])

deps: Lock file maintenance (#2369) (05f0aba) - (renovate[bot])

deps: Update dependency @types/node to v22.10.1 (#2368) (4623961) - (renovate[bot])

deps: Update dependency eslint-plugin-github to v5.1.3 (#2367) (c19a7eb) - (renovate[bot])

deps: Update dependency prettier to v3.4.1 (#2366) (c288441) - (renovate[bot])

deps: Update dependency prettier to v3.4.0 (#2365) (1d6ea46) - (renovate[bot])

deps: Update dependency @types/node to v22.10.0 (#2364) (02b41f5) - (renovate[bot])

deps: Update dependency @types/node to v22.9.4 (#2361) (b4a4dca) - (renovate[bot])

deps: Lock file maintenance (#2360) (602aacf) - (renovate[bot])

deps: Update dependency @types/node to v22.9.3 (#2359) (51290e0) - (renovate[bot])

deps: Update dependency @types/node to v22.9.2 (#2358) (b4badd8) - (renovate[bot])

deps: Update dependency typescript to v5.7.2 (#2357) (652b4c0) - (renovate[bot])

deps-dev: Bump eslint-plugin-github from 5.0.2 to 5.1.1 (#2356) (0b7a421) - (dependabot[bot])

deps: Bump yaml from 2.6.0 to 2.6.1 (#2353) (b26581a) - (dependabot[bot])

deps: Update dependency @types/node to v22.9.1 (#2352) (43e6b45) - (renovate[bot])

deps: Lock file maintenance (#2349) (fe1bc0e) - (renovate[bot])

deps: Update dependency @vercel/ncc to v0.38.3 (#2348) (d7917c6) - (renovate[bot])

... (truncated)

Commits

d6e91a2 chore(deps): update dependency @types/lodash to v4.17.14 (#2388)
73401cd chore(deps): update dependency @types/node to v22.10.5 (#2387)
7f28b2b chore(deps): update dependency @types/node to v22.10.4 (#2386)
c1f82ce chore(deps): update dependency @types/node to v22.10.3 (#2385)
5f974c2 fix(deps): update dependency yaml to v2.7.0 (#2383)
bb364ec chore(deps): lock file maintenance (#2382)
7ac5902 chore(deps): update peter-evans/create-pull-request action to v7.0.6 (#2380)
7c5097f chore(deps): lock file maintenance (#2379)
37dc9a5 chore(deps): update dependency eslint-plugin-jest to v28.10.0 (#2378)
515a6b3 chore(deps): lock file maintenance (#2377)
Additional commits viewable in compare view

Updates aminya/setup-cpp from 0.44.0 to 0.46.0

Release notes

Sourced from aminya/setup-cpp's releases.

v0.46.0

What's Changed

feat: remove the LLVM repo on apt install failures by @aminya in aminya/setup-cpp#331

fix: support LLVM 11-16 on Ubuntu 24 by @aminya in aminya/setup-cpp#331

fix: fix GCC installation on some Ubuntu Arm64 versions by @aminya in aminya/setup-cpp#331

fix: install GCC without PPA if possible by @aminya in aminya/setup-cpp#331

Full Changelog: aminya/setup-cpp@v0.45.0...v0.46.0

v0.45.0

What's Changed

feat: store default versions in a json version file by @aminya in aminya/setup-cpp#312

fix: update LLVM to 19 by @aminya in aminya/setup-cpp#324

feat: support Windows arm cross-compilation by @aminya in aminya/setup-cpp#324

feat: support all brew install options by @aminya in aminya/setup-cpp#315

fix: update cmake, meson, task, mingw by @aminya in aminya/setup-cpp#324

fix: do not warn on pipx, venv, setuptools, doxygen installations by @aminya in aminya/setup-cpp#315

fix: check for the existence of venv module before installing by @aminya in aminya/setup-cpp#327

fix: require python 3.8.0 for applicant by @aminya in aminya/setup-cpp#315

test on MacOS 15 by @aminya in aminya/setup-cpp#324

Full Changelog: aminya/setup-cpp@v0.44.0...v0.45.0

Commits

12e62a1 chore: v0.46.0 [skip test]
60dbf57 Merge pull request #331 from aminya/llvm-remove-repo [skip ci]
035c062 fix: update the add-apt-repository llvm patch
1193453 fix: first try gcc installation without the ppa
b8c9910 fix: fix gcc installation on Ubuntu Arm64
d1a8e5e fix: add missing CURRENT_LLVM_STABLE variable
17f5ebc fix: install libtinfo 6 instead of libtinfo-dev
a1e3058 feat: remove the LLVM repo on apt install failures
1fd8139 chore: v0.45.0 [skip test]
d90b3b5 Merge pull request #327 from aminya/venv-mac
Additional commits viewable in compare view

Updates actions/setup-python from 5.3.0 to 5.4.0

Release notes

Sourced from actions/setup-python's releases.

v5.4.0

What's Changed

Enhancements:

Update cache error message by @aparnajyothi-y in actions/setup-python#968

Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 by @priya-kinthali in actions/setup-python#985

Configure Dependabot settings by @HarithaVattikuti in actions/setup-python#1008

Documentation changes:

Readme update - recommended permissions by @benwells in actions/setup-python#1009

Improve Advanced Usage examples by @lrq3000 in actions/setup-python#645

Dependency updates:

Upgrade undici from 5.28.4 to 5.28.5 by @dependabot in actions/setup-python#1012

Upgrade urllib3 from 1.25.9 to 1.26.19 in /tests/data by @dependabot in actions/setup-python#895

Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @dependabot in actions/setup-python#1014

Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @dependabot in actions/setup-python#1020

Upgrade requests from 2.24.0 to 2.32.2 in /tests/data by @dependabot in actions/setup-python#1019

Upgrade @actions/cache to ^4.0.0 by @priyagupta108 in actions/setup-python#1007

New Contributors

@benwells made their first contribution in actions/setup-python#1009

@HarithaVattikuti made their first contribution in actions/setup-python#1008

@lrq3000 made their first contribution in actions/setup-python#645

Full Changelog: actions/setup-python@v5...v5.4.0

Commits

4237552 Improve Advanced Usage examples (#645)
709bfa5 Bump requests from 2.24.0 to 2.32.2 in /tests/data (#1019)
ceb20b2 Bump @actions/http-client from 2.2.1 to 2.2.3 (#1020)
0dc2d2c Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1014)
feb9c6e Bump urllib3 from 1.25.9 to 1.26.19 in /tests/data (#895)
d0b4fc4 Bump undici from 5.28.4 to 5.28.5 (#1012)
e3dfaac Configure Dependabot settings (#1008)
b8cf3eb Use the new cache service: upgrade @actions/cache to ^4.0.0 (#1007)
1928ae6 Update README.md (#1009)
3fddbee Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 (#985)
Additional commits viewable in compare view

Updates ossf/scorecard-action from 2.3.1 to 2.4.0

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.0

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @spencerschrock in ossf/scorecard-action#1410

🐛 lower license sarif alert threshold to 9 by @spencerschrock in ossf/scorecard-action#1411

Documentation

docs: dogfooding badge by @jkowalleck in ossf/scorecard-action#1399

New Contributors

@jkowalleck made their first contribution in ossf/scorecard-action#1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @spencerschrock in ossf/scorecard-action#1366

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @spencerschrock in ossf/scorecard-action#1374

🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

📖 Move token discussion out of main README. by @spencerschrock in ossf/scorecard-action#1279

📖 link to ossf/scorecard workflow instead of maintaining an example by @spencerschrock in ossf/scorecard-action#1352

📖 update api links to new scorecard.dev site by @spencerschrock in ossf/scorecard-action#1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

Commits

62b2cac bump docker tag to v2.4.0 for release (#1414)
c09630c lower license score alert threshold to 9 (#1411)
cf8594c 🌱 Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)
de5fcb9 🌱 Bump the github-actions group with 2 updates (#1412)
a46b90b bump scorecard to v5.0.0 release (#1410)
9fc518d 🌱 Bump golang in the docker-images group (#1407)
a8eaa1b 🌱 Bump the github-actions group with 2 updates (#1408)
873d5fd 🌱 Bump the github-actions group across 1 directory with 2 updates (#...
54cc1fe 🌱 Bump the docker-images group with 2 updates (#1401)
82bcb91 🌱 Bump golang.org/x/net from 0.26.0 to 0.27.0 (#140...
Description has been truncated

Bumps the github-actions group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.1` | `2.10.4` | | [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.2.2` | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.4.0` | `4.5.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `45.0.3` | `45.0.6` | | [aminya/setup-cpp](https://github.com/aminya/setup-cpp) | `0.44.0` | `0.46.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5.3.0` | `5.4.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.1` | `2.4.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `97a0fba1372883ab732affbe8f94b823f91727db` | `c24449f33cd45d4826c6702db7e49f7cdb9b551d` | Updates `step-security/harden-runner` from 2.10.1 to 2.10.4 - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](step-security/harden-runner@91182cc...cb605e5) Updates `actions/checkout` from 4.1.1 to 4.2.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4.1.1...11bd719) Updates `actions/dependency-review-action` from 4.4.0 to 4.5.0 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@4081bf9...3b139cf) Updates `tj-actions/changed-files` from 45.0.3 to 45.0.6 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/changed-files@c3a1bb2...d6e91a2) Updates `aminya/setup-cpp` from 0.44.0 to 0.46.0 - [Release notes](https://github.com/aminya/setup-cpp/releases) - [Commits](aminya/setup-cpp@d485b24...12e62a1) Updates `actions/setup-python` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@0b93645...4237552) Updates `ossf/scorecard-action` from 2.3.1 to 2.4.0 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@0864cf1...62b2cac) Updates `actions/upload-artifact` from 97a0fba1372883ab732affbe8f94b823f91727db to c24449f33cd45d4826c6702db7e49f7cdb9b551d - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@97a0fba...c24449f) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: tj-actions/changed-files dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: aminya/setup-cpp dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot requested a review from a team as a code owner February 1, 2025 04:32

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Feb 1, 2025

Maxim-Doronin approved these changes Feb 19, 2025

View reviewed changes

Maxim-Doronin merged commit cb2419a into npu/release/18.x Feb 19, 2025
8 of 10 checks passed

dependabot bot deleted the dependabot/github_actions/github-actions-d69c9c43be branch February 19, 2025 14:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 8 updates #96

Bump the github-actions group across 1 directory with 8 updates #96

dependabot bot commented on behalf of github Feb 1, 2025

Bump the github-actions group across 1 directory with 8 updates #96

Bump the github-actions group across 1 directory with 8 updates #96

Conversation

dependabot bot commented on behalf of github Feb 1, 2025

v2.10.4

What's Changed

v2.10.3

What's Changed

v2.10.2

What's Changed

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

v4.2.0

What's Changed

New Contributors

v4.1.7

What's Changed

New Contributors

v4.1.6

What's Changed

v4.1.5

What's Changed

Changelog

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.5.0

What's Changed

New Contributors

v45.0.6

What's Changed

v45.0.5

What's Changed

v45.0.4

What's Changed

Changelog

45.0.6 - (2025-01-03)

🐛 Bug Fixes

⚙️ Miscellaneous Tasks

⬆️ Upgrades

45.0.5 - (2024-12-05)

⚙️ Miscellaneous Tasks

v0.46.0

What's Changed

v0.45.0

What's Changed

v5.4.0

What's Changed

Enhancements:

Documentation changes:

Dependency updates:

New Contributors

v2.4.0

What's Changed

Documentation

New Contributors

v2.3.3

What's Changed

Documentation