ci: bump the github-actions group across 1 directory with 4 updates

[dependabot]

Bumps the github-actions group with 4 updates in the / directory: actions/checkout, actions/create-github-app-token, aws-actions/aws-secretsmanager-get-secrets and slackapi/slack-github-action.

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248
• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• v6-beta by @​ericsciple in actions/checkout#2298
• update readme/changelog for v6 by @​ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• 8e8c483 Clarify v6 README (#2328)
• 033fa0d Add worktree support for persist-credentials includeIf (#2327)
• c2d88d3 Update all references from v5 and v4 to v6 (#2314)
• 1af3b93 update readme/changelog for v6 (#2311)
• 71cf226 v6-beta (#2298)
• 069c695 Persist creds to a separate file (#2286)
• ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
• 08c6903 Prepare v5.0.0 release (#2238)
• Additional commits viewable in compare view

Updates actions/create-github-app-token from 1 to 3

Release notes

Sourced from actions/create-github-app-token's releases.

v3.0.0

3.0.0 (2026-03-14)

• feat!: node 24 support (#275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v3.0.0-beta.6

3.0.0-beta.6 (2026-03-13)

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#323) (b4f638f)

v3.0.0-beta.5

3.0.0-beta.5 (2026-03-13)

• fix!: require NODE_USE_ENV_PROXY for proxy support (#342) (d53a1cd)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.

v3.0.0-beta.4

3.0.0-beta.4 (2026-03-13)

Bug Fixes

• deps: bump @​octokit/auth-app from 7.2.1 to 8.0.1 (#257) (bef1eaf)
• deps: bump @​octokit/request from 9.2.3 to 10.0.2 (#256) (5d7307b)
• deps: bump glob from 10.4.5 to 10.5.0 (#305) (5480f43)
• deps: bump p-retry from 6.2.1 to 7.1.0 (#294) (dce3be8)

... (truncated)

Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

• add support for enterprise-level GitHub Apps (#263) (952a2a7)
• support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

• deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
• validate private-key input (#376) (f24bbd8)

Commits

• bcd2ba4 chore(main): release 3.2.0 (#370)
• f24bbd8 fix: validate private-key input (#376)
• 363531b docs: capitalize Git as a proper noun in README (#374)
• fd28011 docs: update procedure to configure Git (#287)
• 85eb8dd feat: support full repository names in repositories input (#372)
• c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
• e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
• 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
• 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
• 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
• Additional commits viewable in compare view

Updates aws-actions/aws-secretsmanager-get-secrets from 2 to 3

Release notes

Sourced from aws-actions/aws-secretsmanager-get-secrets's releases.

v3

This tracks the latest v3.x.x version

v2.0.10

What's Changed

• Extend cleanup list if list already contains items by @​rmennes in aws-actions/aws-secretsmanager-get-secrets#236
• chore: Bump codecov/codecov-action from 4.5.0 to 5.4.2 by @​dependabot in aws-actions/aws-secretsmanager-get-secrets#248
• Fix invalid URL by @​reyhankoyun in aws-actions/aws-secretsmanager-get-secrets#254

New Contributors

• @​rmennes made their first contribution in aws-actions/aws-secretsmanager-get-secrets#236
• @​reyhankoyun made their first contribution in aws-actions/aws-secretsmanager-get-secrets#254

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.10

v2.0.9

What's Changed

• Fix edge case having a value with numeric start and also a prefix by @​Geethik07 in aws-actions/aws-secretsmanager-get-secrets#242
• npm upgrade by @​simonmarty in aws-actions/aws-secretsmanager-get-secrets#244

New Contributors

• @​Geethik07 made their first contribution in aws-actions/aws-secretsmanager-get-secrets#242

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.9

v2.0.8

What's Changed

• Group minor version updates by @​simonmarty in aws-actions/aws-secretsmanager-get-secrets#208
• Added Timeout Configuration by @​nikvpat in aws-actions/aws-secretsmanager-get-secrets#228

New Contributors

• @​nikvpat made their first contribution in aws-actions/aws-secretsmanager-get-secrets#228

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.8

v2.0.7

What's Changed

• Increasing auto select family attempt timeout by @​jirkafajfr in aws-actions/aws-secretsmanager-get-secrets#205

Full Changelog: aws-actions/aws-secretsmanager-get-secrets@v2...v2.0.7

v2.0.6

What's Changed

• Bump @​aws-sdk/client-secrets-manager from 3.554.0 to 3.592.0 by @​dependabot in aws-actions/aws-secretsmanager-get-secrets#140
• chore: Bump aws-sdk-client-mock and aws-sdk-client-mock-jest by @​dependabot in aws-actions/aws-secretsmanager-get-secrets#143
• Bump codecov/codecov-action from 4.3.0 to 4.4.1 by @​dependabot in aws-actions/aws-secretsmanager-get-secrets#132
• Name transformation documentation by @​jirkafajfr in aws-actions/aws-secretsmanager-get-secrets#139
• Bump @​aws-sdk/client-secrets-manager from 3.592.0 to 3.598.0 by @​dependabot in aws-actions/aws-secretsmanager-get-secrets#146
• Bump codecov/codecov-action from 4.4.1 to 4.5.0 by @​dependabot in aws-actions/aws-secretsmanager-get-secrets#148

... (truncated)

Commits

• 2cb1a46 Bump handlebars from 4.7.8 to 4.7.9 (#301)
• ebbee5c Grant write permissions to the release workflow (#300)
• 3a411b6 Bump version from 2.0.11 to 3.0.0 (#297)
• 07435e3 Remove actions/github, update actions/core (#299)
• bed0d09 Update dependencies (#298)
• ca8dc62 chore: Bump flatted from 3.3.3 to 3.4.2 (#295)
• 9c2003c Update dependencies (#292)
• 8d2df8d Add versioned user-agent to AWS API calls (#272)
• aa511bf fix: use OIDC for Codecov (#266)
• 3f3c975 Replace push dist/ with check dist/ (#256)
• See full diff in compare view

Updates slackapi/slack-github-action from 2.1.1 to 3.0.3

Release notes

Sourced from slackapi/slack-github-action's releases.

Slack GitHub Action v3.0.3

Patch Changes

• 66834e4: feat: add instrumentation to address error rates

Slack GitHub Action v3.0.2

Patch Changes

• 79529d7: fix: resolve url.parse deprecation warning for webhook techniques

Slack GitHub Action v3.0.1

What's Changed

Alongside the breaking changes of @v3.0.0 and a new technique to run Slack CLI commands, we tried the wrong name to publish to the GitHub Marketplace 🐙 This action is now noted as The Slack GitHub Action in listings 🎶 ✨

🎨 Maintenance

• chore: use a unique title for marketplace in slackapi/slack-github-action#576 - Thanks @​zimeg!
• chore(release): tag version 3.0.1 in slackapi/slack-github-action#577 - Thanks @​zimeg!

Full Changelog: slackapi/slack-github-action@v3.0.0...v3.0.1

Slack GitHub Action v3.0.0

The @v3.0.0 release had a hiccup on publish and we recommend using @​v3.0.1 or a more recent version when updating! Oops!

🎽 Running Slack CLI commands and the active Node runtime, both included in this release 👟 ✨

⚠️ Breaking change: Node.js 24 the runtime

This major version updates the GitHub Actions required runtime to Node.js 24. Most GitHub-hosted runners already include this, but self-hosted runners may need to be updated ahead of planned deprecations of Node 20 on GitHub Actions runners.

📺 Enhancement: Run Slack CLI commands

This release introduces a new technique for running Slack CLI commands directly in GitHub Actions workflows. Use this to install the latest version (or a specific one) of the CLI and execute commands like deploy for merges to main, manifest validate with tests, and other commands.

Gather a token using the following CLI command to store with repo secrets, then get started with an example below:

$ slack auth token

🧪 Validate an app manifest on pull requests

Check that your app manifest is valid before merging changes:

🔗 https://docs.slack.dev/tools/slack-github-action/sending-techniques/running-slack-cli-commands/validate-a-manifest

- name: Validate the manifest
</tr></table> 

... (truncated)

Changelog

Sourced from slackapi/slack-github-action's changelog.

3.0.3

Patch Changes

• 66834e4: feat: add instrumentation to address error rates

3.0.2

Patch Changes

• 79529d7: fix: resolve url.parse deprecation warning for webhook techniques

Commits

• 45a88b9 chore: release
• 1c0bcf0 chore: release (#606)
• 66834e4 feat: add instrumentation to address error rates (#600)
• 0fe0f90 build(deps): bump @​actions/github from 9.0.0 to 9.1.1 (#605)
• c5e7059 build(deps): bump @​slack/web-api from 7.15.0 to 7.15.1 (#604)
• 0325526 build(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.13 (#601)
• 900cd3e build(deps-dev): bump @​types/node from 24.12.0 to 24.12.2 (#603)
• 53fdcff build(deps): bump @​actions/core from 3.0.0 to 3.0.1 (#602)
• 26856cc build(deps): bump slackapi/slack-github-action from 3.0.1 to 3.0.2 (#596)
• feba1e2 ci: skip publish step if no release is needed (#599)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Coverage Report

Status	Category	Percentage	Covered / Total
🔵	Lines	43.65%	10527 / 24112
🔵	Statements	42.89%	11190 / 26085
🔵	Functions	40.58%	1808 / 4455
🔵	Branches	39.81%	6728 / 16900

Generated in workflow #3299 for commit 25a220a by the Vitest Coverage Report Action