Skip to content

Bump the ci_dependencies group across 1 directory with 9 updates #9669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the ci_dependencies group across 1 directory with 9 updates #9669

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 8, 2025

Bumps the ci_dependencies group with 9 updates in the / directory:

Package From To
actions/checkout 4 5
actions/download-artifact 4 5
actions/setup-node 4 5
lycheeverse/lychee-action 2.4.1 2.6.1
actions-rust-lang/setup-rust-toolchain 1.13.0 1.14.1
actions/github-script 7 8
actions/setup-python 5 6
aws-actions/configure-aws-credentials 4.2.1 5.0.0
actions/attest-build-provenance 2.4.0 3.0.0

Updates actions/checkout from 4 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

New Contributors

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Commits

Updates actions/download-artifact from 4 to 5

Release notes

Sourced from actions/download-artifact's releases.

v5.0.0

What's Changed

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

  • By name: name: my-artifact → extracted to path/ (direct)
  • By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

  • By name: name: my-artifact → extracted to path/ (unchanged)
  • By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:
  • You download artifacts by name
  • You download multiple artifacts by ID
  • You already use merge-multiple: true as a workaround
⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist
# Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

</tr></table>

... (truncated)

Commits
  • 634f93c Merge pull request #416 from actions/single-artifact-id-download-path
  • b19ff43 refactor: resolve download path correctly in artifact download tests (mainly ...
  • e262cbe bundle dist
  • bff23f9 update docs
  • fff8c14 fix download path logic when downloading a single artifact by id
  • 448e3f8 Merge pull request #407 from actions/nebuk89-patch-1
  • 47225c4 Update README.md
  • See full diff in compare view

Updates actions/setup-node from 4 to 5

Release notes

Sourced from actions/setup-node's releases.

v5.0.0

What's Changed

Breaking Changes

This update, introduces automatic caching when a valid packageManager field is present in your package.json. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set package-manager-cache: false

steps:
- uses: actions/checkout@v5
- uses: actions/setup-node@v5
  with:
    package-manager-cache: false

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

New Contributors

Full Changelog: actions/setup-node@v4...v5.0.0

v4.4.0

What's Changed

Bug fixes:

Enhancement:

Dependency update:

New Contributors

Full Changelogactions/setup-node@v4...v4.4.0

... (truncated)

Commits

Updates lycheeverse/lychee-action from 2.4.1 to 2.6.1

Release notes

Sourced from lycheeverse/lychee-action's releases.

Version 2.6.1

What's Changed

Full Changelog: lycheeverse/lychee-action@v2...v2.6.1

Version 2.6.0

What's Changed

Full Changelog: lycheeverse/lychee-action@v2...v2.6.0

Version 2.5.0

Summary

Most notably with this release the deprecated --exclude-mail flag was removed and the behavior of the --accept flag was updated. Previously, status codes such as 200 OK were always accepted. Now they are only accepted by default. This means providing the argument --accept 201 now rejects status code 200 OK.

What's Changed

Full Changelog: lycheeverse/lychee-action@v2...v2.5.0

Commits

Updates actions-rust-lang/setup-rust-toolchain from 1.13.0 to 1.14.1

Release notes

Sourced from actions-rust-lang/setup-rust-toolchain's releases.

v1.14.1

What's Changed

New Contributors

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.14.0...v1.14.1

v1.14.0

What's Changed

  • Add new parameters cache-all-crates and cache-workspace-crates that are propagated to Swatinem/rust-cache as cache-all-crates and cache-workspace-crates Solves #67

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.13.0...v1.14.0

Changelog

Sourced from actions-rust-lang/setup-rust-toolchain's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.14.1] - 2025-08-28

[1.14.0] - 2025-08-23

  • Add new parameters cache-all-crates and cache-workspace-crates that are propagated to Swatinem/rust-cache as cache-all-crates and cache-workspace-crates

[1.13.0] - 2025-06-16

  • Add new parameter cache-provider that is propagated to Swatinem/rust-cache as cache-provider (#65 by @​mindrunner)

[1.12.0] - 2025-04-23

  • Add support for installing rustup on Windows (#58 by @​maennchen) This adds support for using Rust on the GitHub provided Windows ARM runners.

[1.11.0] - 2025-02-24

  • Add new parameter cache-bin that is propagated to Swatinem/rust-cache as cache-bin (#51 by @​enkhjile)
  • Add new parameter cache-shared-key that is propagated to Swatinem/rust-cache as shared-key (#52 by @​skanehira)

[1.10.1] - 2024-10-01

  • Fix problem matcher for rustfmt output. The format has changed since rust-lang/rustfmt#5971 and now follows the form "filename:line". Thanks to @​0xcypher02 for pointing out the problem.

[1.10.0] - 2024-09-23

  • Add new parameter cache-directories that is propagated to Swatinem/rust-cache (#44 by @​pranc1ngpegasus)
  • Add new parameter cache-key that is propagated to Swatinem/rust-cache as key (#41 by @​iainlane)
  • Make rustup toolchain installation more robust in light of planned changes rust-lang/rustup#3635 and rust-lang/rustup#3985
  • Allow installing multiple Rust toolchains by specifying multiple versions in the toolchain input parameter.
  • Configure the rustup override behavior via the new override input. (#38)

[1.9.0] - 2024-06-08

  • Add extra argument cache-on-failure and forward it to Swatinem/rust-cache. (#39 by @​samuelhnrq)
    Set the default the value to true. This will result in more caching than previously.

... (truncated)

Commits
  • ac90e63 Update changelog for v1.14.1
  • c6aecb0 Update the dependabot schedule
  • 8b89091 Merge pull request #68 from JohnTitor/pin-actions
  • f964086 Merge branch 'main' into pin-actions
  • ab68452 Add new parameters cache-all-crates and cache-workspace-crates
  • eb1c1a5 Pin Swatinem/rust-cache action to a full commit SHA
  • See full diff in compare view

Updates actions/github-script from 7 to 8

Release notes

Sourced from actions/github-script's releases.

v8.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

New Contributors

Full Changelog: actions/github-script@v7.1.0...v8.0.0

v7.1.0

What's Changed

New Contributors

Full Changelog: actions/github-script@v7...v7.1.0

... (truncated)

Commits

Updates actions/setup-python from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits
  • e797f83 Upgrade to node 24 (#1164)
  • 3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
  • 65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
  • 5b668cf Bump actions/checkout from 4 to 5 (#1181)
  • f62a0e2 Change missing cache directory error to warning (#1182)
  • 9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
  • fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
  • 03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
  • 36da51d Add version parsing from Pipfile (#1067)
  • 3c6f142 update documentation (#1156)
  • Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 4.2.1 to 5.0.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v5.0.0

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

  • Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

v4.3.1

4.3.1 (2025-08-04)

Bug Fixes

v4.3.0

4.3.0 (2025-08-04)

NOTE: This release tag originally pointed to 59b441846ad109fa4a1549b73ef4e149c4bfb53b, but a critical bug was discovered shortly after publishing. We updated this tag to d0834ad3a60a024346910e522a81b0002bd37fea to prevent anyone using the 4.3.0 tag from encountering the bug, and we published 4.3.1 to allow workflows to auto update correctly.

Features

Bug Fixes

  • docs: readme samples versioning (5b3c895)
  • the wrong example region for China partition in README (37fe9a7)
  • properly set proxy environment variable (cbea708)

Miscellaneous Chores

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

5.0.0 (2025-09-03)

⚠ BREAKING CHANGES

  • Cleanup input handling. Changes invalid boolean input behavior (see #1445)

Features

4.3.1 (2025-08-04)

Bug Fixes

4.3.0 (2025-08-04)

Features

Bug Fixes

  • docs: readme samples versioning (5b3c895)
  • the wrong example region for China partition in README (37fe9a7)
  • properly set proxy environment variable (cbea708)

Miscellaneous Chores

4.2.1 (2025-05-14)

Bug Fixes

  • ensure explicit inputs take precedence over environment variables (e56e6c4)

... (truncated)

Commits

Updates actions/attest-build-provenance from 2.4.0 to 3.0.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v3.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1 Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/attest-build-provenance@v2.4.0...v3.0.0

Commits

@dependabot
Bump the ci_dependencies group across 1 directory with 9 updates
2beb802 
Bumps the ci_dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `5` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `5` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `5` |
| [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) | `2.4.1` | `2.6.1` |
| [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) | `1.13.0` | `1.14.1` |
| [actions/github-script](https://github.com/actions/github-script) | `7` | `8` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.2.1` | `5.0.0` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.4.0` | `3.0.0` |



Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v5)

Updates `actions/setup-node` from 4 to 5
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v5)

Updates `lycheeverse/lychee-action` from 2.4.1 to 2.6.1
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](lycheeverse/lychee-action@82202e5...885c65f)

Updates `actions-rust-lang/setup-rust-toolchain` from 1.13.0 to 1.14.1
- [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases)
- [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md)
- [Commits](actions-rust-lang/setup-rust-toolchain@fb51252...ac90e63)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `aws-actions/configure-aws-credentials` from 4.2.1 to 5.0.0
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@b475783...a03048d)

Updates `actions/attest-build-provenance` from 2.4.0 to 3.0.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@e8998f9...977bb37)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci_dependencies
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci_dependencies
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci_dependencies
- dependency-name: lycheeverse/lychee-action
  dependency-version: 2.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci_dependencies
- dependency-name: actions-rust-lang/setup-rust-toolchain
  dependency-version: 1.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci_dependencies
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci_dependencies
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci_dependencies
- dependency-name: aws-actions/configure-aws-credentials
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci_dependencies
- dependency-name: actions/attest-build-provenance
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci_dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). R0-no-crate-publish-required The change does not require any crates to be re-published. labels Sep 8, 2025
@dependabot dependabot bot requested review from a team as code owners September 8, 2025 02:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
A1-insubstantial Pull request requires no code review (e.g., a sub-repository hash update). R0-no-crate-publish-required The change does not require any crates to be re-published.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants