From f8b16039d91677803523c94755cee3c2db9c3255 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 May 2026 11:18:15 +0000 Subject: [PATCH 1/2] chore(deps): bump the github-actions group across 1 directory with 10 updates Bumps the github-actions group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4.3.1` | `6.0.2` | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.5.0` | `3.1.0` | | [miniscruff/changie-action](https://github.com/miniscruff/changie-action) | `2.0.0` | `3.0.0` | | [actions/setup-go](https://github.com/actions/setup-go) | `5.6.0` | `6.4.0` | | [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) | `6.5.2` | `9.2.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.4` | `6.0.0` | | [labd/changie-release-action](https://github.com/labd/changie-release-action) | `0.6.0` | `0.6.1` | | [labd/action-gh-app-token](https://github.com/labd/action-gh-app-token) | `7ff980ba334a28226bad9c85412b4a84c23a3787` | `570381a08efe9c961806a3a3bc5882af5f50ef6a` | | [actions/add-to-project](https://github.com/actions/add-to-project) | `1.0.2` | `2.0.0` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `0.5.2` | `0.5.3` | Updates `actions/checkout` from 4.3.1 to 6.0.2 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4.3.1...de0fac2e4500dabe0009e67214ff5f5447ce83dd) Updates `dependabot/fetch-metadata` from 2.5.0 to 3.1.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/21025c705c08248db411dc16f3619e6b5f9ea21a...25dd0e34f4fe68f24cc83900b1fe3fe149efef98) Updates `miniscruff/changie-action` from 2.0.0 to 3.0.0 - [Release notes](https://github.com/miniscruff/changie-action/releases) - [Changelog](https://github.com/miniscruff/changie-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/miniscruff/changie-action/compare/6dcc2533cac0495148ed4046c438487e4dceaa23...11bcad388e7973948cbcecb10863baf024d5f607) Updates `actions/setup-go` from 5.6.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/40f1582b2485089dde7abd97c1529aa768e1baff...4a3601121dd01d1626a1e23e37211e3254c1c06c) Updates `golangci/golangci-lint-action` from 6.5.2 to 9.2.0 - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/55c2c1448f86e01eaae002a5a3a9624417608d84...1e7e51e771db61008b38414a730f564565cf7c20) Updates `codecov/codecov-action` from 5.5.4 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/75cd11691c0faa626561e295848008c8a7dddffe...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2) Updates `labd/changie-release-action` from 0.6.0 to 0.6.1 - [Release notes](https://github.com/labd/changie-release-action/releases) - [Changelog](https://github.com/labd/changie-release-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/labd/changie-release-action/compare/ac4d65e736733f1d2c363dd5d99b43a1add5aaef...1299f6ba27a50b2f2beb09d73bcbdc1d87a415f4) Updates `labd/action-gh-app-token` from 7ff980ba334a28226bad9c85412b4a84c23a3787 to 570381a08efe9c961806a3a3bc5882af5f50ef6a - [Release notes](https://github.com/labd/action-gh-app-token/releases) - [Changelog](https://github.com/labd/action-gh-app-token/blob/main/CHANGELOG.md) - [Commits](https://github.com/labd/action-gh-app-token/compare/7ff980ba334a28226bad9c85412b4a84c23a3787...570381a08efe9c961806a3a3bc5882af5f50ef6a) Updates `actions/add-to-project` from 1.0.2 to 2.0.0 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](https://github.com/actions/add-to-project/compare/244f685bbc3b7adfa8466e08b698b5577571133e...5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd) Updates `zizmorcore/zizmor-action` from 0.5.2 to 0.5.3 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8...b1d7e1fb5de872772f31590499237e7cce841e8e) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: dependabot/fetch-metadata dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: miniscruff/changie-action dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: golangci/golangci-lint-action dependency-version: 9.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: labd/changie-release-action dependency-version: 0.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: labd/action-gh-app-token dependency-version: 570381a08efe9c961806a3a3bc5882af5f50ef6a dependency-type: direct:production dependency-group: github-actions - dependency-name: actions/add-to-project dependency-version: 2.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: zizmorcore/zizmor-action dependency-version: 0.5.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/dependabot-changie.yaml | 6 +++--- .github/workflows/tests.yml | 12 ++++++------ .github/workflows/triage.yaml | 4 ++-- .github/workflows/zizmor.yaml | 2 +- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/dependabot-changie.yaml b/.github/workflows/dependabot-changie.yaml index b310044..931c6b1 100644 --- a/.github/workflows/dependabot-changie.yaml +++ b/.github/workflows/dependabot-changie.yaml @@ -15,16 +15,16 @@ jobs: if: github.event.pull_request.user.id == 49699333 steps: - name: Checkout - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Fetch Dependabot metadata id: dependabot-metadata - uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0 + uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" - name: Create change file - uses: miniscruff/changie-action@6dcc2533cac0495148ed4046c438487e4dceaa23 # v2.0.0 + uses: miniscruff/changie-action@11bcad388e7973948cbcecb10863baf024d5f607 # v3.0.0 with: version: latest args: new --body "${{ github.event.pull_request.title }}" --kind Dependency diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index cec014e..f9f60b2 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -7,16 +7,16 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go 1.20 - uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0 + uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0 with: go-version: "1.20" - name: golangci-lint continue-on-error: true - uses: golangci/golangci-lint-action@55c2c1448f86e01eaae002a5a3a9624417608d84 # v6.5.2 + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0 with: args: --issues-exit-code=0 --timeout=5m @@ -24,7 +24,7 @@ jobs: run: go test -race -coverprofile=coverage.out -covermode=atomic -coverpkg=./... -v ./... - name: Upload to codecov - uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5.5.4 + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 with: verbose: true @@ -37,12 +37,12 @@ jobs: pull-requests: write actions: write steps: - - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 - name: Prepare release - uses: labd/changie-release-action@ac4d65e736733f1d2c363dd5d99b43a1add5aaef # v0.6.0 + uses: labd/changie-release-action@1299f6ba27a50b2f2beb09d73bcbdc1d87a415f4 # v0.6.1 with: github-token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/triage.yaml b/.github/workflows/triage.yaml index 398f0d7..f0aca12 100644 --- a/.github/workflows/triage.yaml +++ b/.github/workflows/triage.yaml @@ -15,13 +15,13 @@ jobs: steps: - name: get app token id: get-app-token - uses: labd/action-gh-app-token@7ff980ba334a28226bad9c85412b4a84c23a3787 # main + uses: labd/action-gh-app-token@570381a08efe9c961806a3a3bc5882af5f50ef6a # main with: app-id: ${{ secrets.RD_APP_ID }} private-key: ${{ secrets.RD_APP_PRIVATE_KEY }} installation-id: ${{ secrets.RD_APP_INSTALLATION_ID }} - name: set to project board - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2 + uses: actions/add-to-project@5afcf98fcd03f1c2f92c3c83f58ae24323cc57fd # v2.0.0 with: project-url: https://github.com/orgs/labd/projects/3 github-token: ${{ steps.get-app-token.outputs.app-token }} diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index 8e6493b..5dc1385 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: Run zizmor - uses: zizmorcore/zizmor-action@71321a20a9ded102f6e9ce5718a2fcec2c4f70d8 # v0.5.2 + uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 with: advanced-security: false annotations: true From 7fd82ccdc3419c0c19afadb66a6495a5971cee62 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 May 2026 11:18:31 +0000 Subject: [PATCH 2/2] chore(deps): add changelog for dependabot updates --- .changes/unreleased/Dependency-20260508-111830.yaml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changes/unreleased/Dependency-20260508-111830.yaml diff --git a/.changes/unreleased/Dependency-20260508-111830.yaml b/.changes/unreleased/Dependency-20260508-111830.yaml new file mode 100644 index 0000000..b0baa2e --- /dev/null +++ b/.changes/unreleased/Dependency-20260508-111830.yaml @@ -0,0 +1,3 @@ +kind: Dependency +body: 'chore(deps): bump the github-actions group across 1 directory with 10 updates' +time: 2026-05-08T11:18:30.813059709Z