Skip to content

chore(deps): bump the actions-deps group with 5 updates#68

Merged
amagyar-iohk merged 1 commit intomainfrom
dependabot/github_actions/actions-deps-3df77af198
Dec 3, 2025
Merged

chore(deps): bump the actions-deps group with 5 updates#68
amagyar-iohk merged 1 commit intomainfrom
dependabot/github_actions/actions-deps-3df77af198

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 3, 2025
edited
Loading

Bumps the actions-deps group with 5 updates:

Package From To
step-security/harden-runner 2.13.2 2.13.3
actions/checkout 6.0.0 6.0.1
actions/setup-node 6.0.0 6.1.0
ossf/scorecard-action 2.4.1 2.4.3
peter-evans/repository-dispatch 3.0.0 4.0.1

Updates step-security/harden-runner from 2.13.2 to 2.13.3

Release notes

Sourced from step-security/harden-runner's releases.

v2.13.3

What's Changed

  • Fixed an issue where process events were not uploaded in certain edge cases.

Full Changelog: step-security/harden-runner@v2.13.2...v2.13.3

Commits

Updates actions/checkout from 6.0.0 to 6.0.1

Release notes

Sourced from actions/checkout's releases.

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Commits

Updates actions/setup-node from 6.0.0 to 6.1.0

Release notes

Sourced from actions/setup-node's releases.

v6.1.0

What's Changed

Enhancement:

Dependency updates:

Documentation update:

Full Changelog: actions/setup-node@v6...v6.1.0

Commits

Updates ossf/scorecard-action from 2.4.1 to 2.4.3

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

Other

New Contributors

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

Commits
  • 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
  • 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
  • 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
  • 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
  • 92083b5 📖 Fix recommended command to test the image in development (#1583)
  • 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
  • 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
  • 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
  • c3f1350 🌱 Improve printing options (#1584)
  • 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
  • Additional commits viewable in compare view

Updates peter-evans/repository-dispatch from 3.0.0 to 4.0.1

Release notes

Sourced from peter-evans/repository-dispatch's releases.

v4.0.1

What's Changed

Full Changelog: peter-evans/repository-dispatch@v4.0.0...v4.0.1

Repository Dispatch v4.0.0

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

... (truncated)

Commits
  • 28959ce Fix node version in actions.yml (#433)
  • 25d29c2 build(deps-dev): bump @​types/node in the npm group (#432)
  • 830136c build(deps): bump the github-actions group with 3 updates (#431)
  • 2c856c6 ci: update dependabot config
  • 6673907 build(deps-dev): bump @​types/node from 18.19.127 to 18.19.129 (#429)
  • 952a211 build(deps): bump peter-evans/repository-dispatch from 3 to 4 (#428)
  • 5fc4efd docs: update readme
  • a628c95 feat: v4 (#427)
  • de78ac1 build(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 (#425)
  • f49fa7f build(deps-dev): bump @​types/node from 18.19.124 to 18.19.127 (#426)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 3, 2025
@dependabot dependabot bot requested a review from amagyar-iohk as a code owner December 3, 2025 14:20
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Dec 3, 2025
@dependabot
chore(deps): bump the actions-deps group with 5 updates
eb9c20a 
Bumps the actions-deps group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.2` | `2.13.3` |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.0` | `6.0.1` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.0.0` | `6.1.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.1` | `2.4.3` |
| [peter-evans/repository-dispatch](https://github.com/peter-evans/repository-dispatch) | `3.0.0` | `4.0.1` |


Updates `step-security/harden-runner` from 2.13.2 to 2.13.3
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@95d9a5d...df199fb)

Updates `actions/checkout` from 6.0.0 to 6.0.1
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@1af3b93...8e8c483)

Updates `actions/setup-node` from 6.0.0 to 6.1.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@2028fbc...395ad32)

Updates `ossf/scorecard-action` from 2.4.1 to 2.4.3
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@f49aabe...4eaacf0)

Updates `peter-evans/repository-dispatch` from 3.0.0 to 4.0.1
- [Release notes](https://github.com/peter-evans/repository-dispatch/releases)
- [Commits](peter-evans/repository-dispatch@ff45666...28959ce)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.13.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: actions/setup-node
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: peter-evans/repository-dispatch
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/actions-deps-3df77af198 branch from dc9410a to eb9c20a Compare December 3, 2025 14:49
@amagyar-iohk amagyar-iohk merged commit 29f7b78 into main Dec 3, 2025
7 checks passed
@amagyar-iohk amagyar-iohk deleted the dependabot/github_actions/actions-deps-3df77af198 branch December 3, 2025 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mineme0110 mineme0110 mineme0110 approved these changes

@amagyar-iohk amagyar-iohk amagyar-iohk approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mineme0110 @amagyar-iohk