Skip to content

deps(actions): bump the github-actions group with 4 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

deps(actions): bump the github-actions group with 4 updates #1

dependabot wants to merge 1 commit into from
+16 −16

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 2, 2026

Bumps the github-actions group with 4 updates: actions/checkout, mozilla-actions/sccache-action, EmbarkStudios/cargo-deny-action and actions/stale.

Updates actions/checkout from 4 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

... (truncated)

Commits

Updates mozilla-actions/sccache-action from 0.0.6 to 0.0.9

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.9

What's Changed

Full Changelog: Mozilla-Actions/sccache-action@v0.0.8...v0.0.9

v0.0.8

What's Changed

Dependencies

Full Changelog: Mozilla-Actions/sccache-action@v0.0.7...v0.0.8

v0.0.7

What's Changed

Dependencies

New Contributors

... (truncated)

Commits
  • 7d986dd Merge pull request #192 from sylvestre/release
  • c3f03b4 prepare release 0.0.9
  • 213d335 Force version v2 of github action.
  • 65101d4 Merge pull request #190 from sylvestre/release
  • 784917c readme: improve the wording
  • 1220c18 npm run build
  • 33f5b94 prepare version 0.0.8
  • 8bd7e91 gha: adjust the variable for deprecation
  • a2b43af Merge pull request #186 from Mozilla-Actions/dependabot/npm_and_yarn/ts-jest-...
  • a675e5f Merge pull request #185 from Mozilla-Actions/dependabot/npm_and_yarn/actions/...
  • Additional commits viewable in compare view

Updates EmbarkStudios/cargo-deny-action from 1 to 2

Release notes

Sourced from EmbarkStudios/cargo-deny-action's releases.

Release 2.0.14 - cargo-deny 0.18.6

0.18.5

Changed

  • PR#789 changed it so that release binaries are now built with LTO.
  • PR#790 and PR#794 updated various crates.

Added

  • PR#790 added SARIF as an output format, usable via --format sarif. The current output for this format is experimental and may change in future updates.

0.18.6

Fixed

  • PR#805 updated rustsec to 0.31, resolving #804.
  • PR#810 resolved #809 by printing the crate name and version when its manifest does not contain a license expression.

Added

  • PR#807 added the unused-license-exception option to configure the lint level, resolving #806.

Changed

Release 2.0.13 - cargo-deny 0.18.4

Added

  • PR#779 added the --metadata-path argument to use a cargo metadata JSON file instead of calling cargo metadata, resolving #777.
  • PR#782 added sources.unused-allow-source to allow configuration of the lint level when a source is allowed but not used by any crate in the graph, closing #781.

Changed

  • PR#786 changed the license check output. / is no longer corrected to OR, and if the license expression is found in the package's manifest, that span is used in diagnostic messages instead of the synthesized manifest.

Fixed

  • PR#786 resolved #784 by updating spdx to a new version that forces all GNU licenses to be exactly equal when comparing license expressions to licensee expressions, which is incredibly pedantic, but means the license comparison is entirely in the hands of the user so that I no longer have to deal with GNU licenses.

Release 2.0.12 - cargo-deny 0.18.3

Changed

  • PR#773 changed cargo-deny's duplicate detection to automatically ignore versions whose only dependent is another version of the same crate.

Release 2.0.9 - cargo-deny 0.18.0

  • d8395c1 removed the rustup update.

Release 2.0.7 - cargo-deny 0.18.0

  • PR#92 fixed an issue introduced by the latest rustup release.

Release 2.0.6 - cargo-deny 0.18.0

Changed

  • PR#746 changed the directory naming of advisory databases, again, so the name uses the last path component and a different, but also stable, hashing algorithm. Eg. the default https://github.com/rustsec/advisory-db will now be placed in $CARGO_HOME/advisory-dbs/advisory-db-3157b0e258782691.
  • PR#746 changed the MSRV to 1.85.0 and uses edition 2024.

Fixed

  • PR#746 fixes an issue when using cargo 1.85.0 where source urls were not being properly assigned to crates.io due to the constant being used no longer matching the new path used in cargo 1.85.0 causing eg. workspace dependency checks to fail.

Release 2.0.5 - cargo-deny 0.17.0

... (truncated)

Commits

Updates actions/stale from 9 to 10

Release notes

Sourced from actions/stale's releases.

v10.0.0

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

New Contributors

Full Changelog: actions/stale@v9...v10.0.0

v9.1.0

What's Changed

New Contributors

Full Changelog: actions/stale@v9...v9.1.0

Changelog

Sourced from actions/stale's changelog.

Changelog

[10.1.0]

What's Changed

[10.0.0]

What's Changed

Breaking Changes

Enhancement

Dependency Upgrades

Documentation changes

[9.1.0]

What's Changed

[9.0.0]

Breaking Changes

  1. Action is now stateful: If the action ends because of operations-per-run then the next run will start from the first unprocessed issue skipping the issues processed during the previous run(s). The state is reset when all the issues are processed. This should be considered for scheduling workflow runs.
  2. Version 9 of this action updated the runtime to Node.js 20. All scripts are now run with Node.js 20 instead of Node.js 16 and are affected by any breaking changes between Node.js 16 and 20.

... (truncated)

Commits
  • 9971854 build(deps): bump actions/checkout from 4 to 6 (#1306)
  • 5611b9d build(deps): bump actions/publish-action from 0.3.0 to 0.4.0 (#1291)
  • fad0de8 Improves error handling when rate limiting is disabled on GHES. (#1300)
  • 39bea7d Add Missing Input Reading for only-issue-types (#1298)
  • e46bbab build(deps-dev): bump @​types/node from 20.10.3 to 24.2.0 and document breakin...
  • 65d1d48 build(deps-dev): bump eslint-config-prettier from 8.10.0 to 10.1.8 (#1276)
  • 5f858e3 Add only-issue-types option to filter issues by type (#1255)
  • 3a9db7e Upgrade to node 24 (#1279)
  • 8f717f0 Bumps form-data (#1277)
  • a92fd57 build(deps): bump undici from 5.28.5 to 5.29.0 (#1251)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps(actions): bump the github-actions group with 4 updates
df1a49e 
Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [mozilla-actions/sccache-action](https://github.com/mozilla-actions/sccache-action), [EmbarkStudios/cargo-deny-action](https://github.com/embarkstudios/cargo-deny-action) and [actions/stale](https://github.com/actions/stale).


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

Updates `mozilla-actions/sccache-action` from 0.0.6 to 0.0.9
- [Release notes](https://github.com/mozilla-actions/sccache-action/releases)
- [Commits](Mozilla-Actions/sccache-action@v0.0.6...v0.0.9)

Updates `EmbarkStudios/cargo-deny-action` from 1 to 2
- [Release notes](https://github.com/embarkstudios/cargo-deny-action/releases)
- [Commits](EmbarkStudios/cargo-deny-action@v1...v2)

Updates `actions/stale` from 9 to 10
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9...v10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: mozilla-actions/sccache-action
  dependency-version: 0.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: EmbarkStudios/cargo-deny-action
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Jan 2, 2026

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from Lenvanderhof as a code owner January 2, 2026 07:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Lenvanderhof Lenvanderhof Awaiting requested review from Lenvanderhof Lenvanderhof is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant